Blog Post
September 21, 2022
With major ransomware attacks in the headlines and cybercriminals continually coming up with new ways to attack, enterprises are looking for ways to protect themselves. In addition to strengthening cybersecurity practices and adding new technology, that protection increasingly means taking out cyber insurance policies.
As the U.S. Government Accountability Office (GAO) finds, the number of insurance clients who’ve added cyber insurance grew from 26% in 2016 to 47% in 2020.
However, having a cyber insurance policy doesn’t automatically mean you’re sufficiently protected. You might have gaps in your coverage that could still expose you to significant financial losses. That could be because your current policy terms and limits don’t align with your current risk levels. Or, your insurer might also be under pressure and could start making changes such as to premiums or introducing exclusions.
“Large-scale attacks—such as last year’s Colonial Pipeline ransomware attack, which led to short-lived gasoline shortages in the Southeastern U.S.—have highlighted the potential for catastrophic financial damages. As a result, insurers are starting to take steps to limit their exposure to these losses,” notes the GAO.
Rather than hoping for the best with your cyber insurance policy and assuming you’ll be covered for whatever cyber losses might occur, you can take control with cyber risk quantification (CRQ). Doing so can help you identify gaps in your existing coverage, analyze other insurance options, and identify areas to improve your cybersecurity posture.
To understand how CRQ helps you assess your cyber insurance policy, it’s important to first understand what cyber risk quantification entails.
CRQ means financially quantifying your cyber risk. In other words, you can see how different impact scenarios would lead to financial losses.
For example, you could compare the cost of business interruption caused by a 1% chance event (i.e., an event that occurs on average once every 100 years) vs. the cost of ransomware/extortion due to a 10% chance event.
So, by conducting CRQ, you can compare potential losses to cyber insurance policy limits. You might find that you have sufficient coverage for a 5% year event, but a 1% event could leave you on the hook for millions of dollars.
While these more extreme losses aren’t as common by definition, you have to ask yourself whether you’d be comfortable with that risk. Just like a homeowner might obtain earthquake insurance while hoping a major event never occurs in their lifetime, an enterprise might prefer to limit its financial exposure by taking out a policy with higher limits.
But unless you conduct CRQ to know what different scenarios could translate to in financial terms, then you won’t know how much insurance coverage you need.
Another way that CRQ helps you with cyber insurance coverage is by mapping out how different cyber security controls could affect your financial risk. For example, upgrading your cloud security might lower your financial exposure more than focusing on email security, depending on your circumstances.
Knowing this, you can then more easily prioritize cybersecurity investments and strategies. Not only can that help strengthen your cybersecurity, but it can help you obtain the right insurance coverage.
That’s because insurers want you to show you’re on top of cybersecurity. If you lack sufficient controls, an insurer might not be willing to extend coverage, or at least not provide the terms you’re looking for.
“Demand for cyber insurance is currently growing more steadily than the capacity on offer,” notes insurer Munich Re. “In order to ensure the sustainability of cyber insurance, applicants must provide proof of their security standards.”
With CRQ, you can figure out where to focus your cybersecurity efforts to make your enterprise an attractive candidate for a quality cyber insurance policy. Plus, if you can lower your financial risk, you might be able to save money on your policy.
By conducting financial quantification of cyber risk, Kovrr can help your enterprise assess your cyber insurance policy and improve your coverage.
Moreover, Kovrr benchmarks your insurance terms and conditions to industry peers and provides recommendations for different cyber insurance options that fit your risk profile.
Plus, by providing insights into your cyber risk and helping you understand how to close gaps, we can help you get a better rate on your cyber insurance policy. We’ll provide you with a full CRQ report that you can take to your insurer to negotiate better terms and conditions.
Get started today by viewing a sample CRQ report or Get better coverage at a better rate on your cyber insurance policy.
Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.
.jpg)
