Request your free Security Rating Snapshot to find the gaps in your security program and how you compare to others in your industry.
Last week, BitSight co-sponsored a webinar with Advisen on the use of risk mitigation services for cyber insurance underwriting. Ira Scharf, GM of Cyber Insurance at BitSight, joined Tracie Grella of AIG and Neeraj Sanhi of Willis Group to discuss several topics in this emerging field. Here are some of the highlights:
Coverage for cyber insurance has progressed
As risks are becoming more complex, so is cyber insurance coverage. In the past, coverage was typically given for external breaches of company networks. Insurers are now giving coverage for employee misconduct, negligence, and disclosure - all of which account for a large portion of breaches. Coverage is also being expanded to cover the risks of third parties and cloud providers.
The process of underwriting has also changed. Underwriting used to be a laborious and expensive process where insurers would travel and conduct on-site due diligence processes. In years past, this process became more refined: insurers used questionnaires and assessments to understand the level of risks for potential clients.
The value of risk mitigation services
Now insurers are increasingly partnering with technology vendors in the underwriting process to further gauge risk. In addition, they are now offering these services to clients so they can improve their cyber posture. As the cyber insurance market is becoming more competitive for carriers, risk mitigation services are also being used to select clients with low levels of risk in an effort to reduce claims and losses.
Vendor risk management is critical for cyber underwriting
A company that holds cyber insurance can have extensive controls in place to monitor their own security, but they still may have vulnerabilities within their business ecosystem. Brokers and carriers now realize that in order to minimize risk for clients, they also need to ensure that clients are taking steps to mitigate third party risk. As a result, brokers and carriers are now increasingly recommending the implementation of vendor risk management programs for their clients and insureds.
Risk mitigation services benefit everyone
Risk mitigation services are lowering the risks for both clients and insurance carriers. Clients can now use these services to improve their security performance, while insurance providers can gain greater insight during the underwriting process. Greater adoption of these services should result in a safer cyber ecosystem.