The May edition of NU Claims contains an article entitled “Cybersecurity compliance is about to get even trickier.” It contains this fact:
A January study by KPMG found that senior risk executives in the Americas reported record losses from fraud, compliance breaches and cyberattacks over the last year and expect threats to grow in 2022.
Granted, cybersecurity and cyber liability insurance are relatively new fields. But two of the reasons for the record losses are (1) insurers have been writing cyber liability coverage without fully understanding the extent or the complexity of the risks, and (2) their policyholders don’t understand the extent or the complexity of their vulnerability.
As with everything else, with cyber liability, we’re learning as we go. But there are things insurers and their policyholders can do to protect both parties.
Before writing coverage, insurers can work with their prospective policyholders to make sure their environments have been evaluated and some manner of protection has been put in place. Those evaluative and protective measures should include but need not be limited to:
- Gap Analysis: Make sure environments and infrastructures are evaluated to determine levels of preparedness and to determine the ability to recover from potential cyberattacks or data breaches. If weaknesses are discovered, perform a …
- Vulnerability Assessment: Find the weak points and identify compliance gaps in the IT infrastructure. Evaluate points of remote access. Assess authorization levels for access to networks and systems. Analyze perimeter and internal defenses and system configurations. Categorize the risks and prioritize remediation efforts.
- Penetration Testing: Make deliberate attempts to hack environments to evaluate networks, software, security controls, and defenses.
- Monitoring: Make sure you have the tools in place to monitor and secure the IT infrastructure.
To help their prospective policyholders, insurers can also suggest their prospects make sure their cybersecurity vendors have one or more cybersecurity certifications. The website of the National Initiative for Cybersecurity Careers and Studies is a good place to start identifying the appropriate certifications.
Forewarned is Forearmed
No system or environment is hack-proof. That’s why there’s cyber liability insurance. But all systems and environments can be protected from the most common kinds of attacks. And insurers can help their prospects and policyholders mitigate their risks of fraud, compliance breaches, and cyberattacks.
The fact is we’re all in this fight together.