Cyber security, insurance develops to address evolving risksReprints
LAS VEGAS — Cyber insurers and policyholders need to focus more on catching breaches early and defending against breaches rather than responding to breaches after they occur, a panel of cyber experts said.
With methods and styles of attack changing rapidly, historical breach information has limited use, so insurers, cyber security firms and policyholders should analyze current internal data to assess weaknesses in corporate systems, they said.
They were speaking during a session at InsureTech Connect in Las Vegas on Tuesday.
Historical cyber attack data is not necessarily useful in guarding against future attacks because the nature of the attacks changes and historical attacks cannot be used as a predictor for future attacks, said Nicole Eagan, CEO of San Francisco-based Darktrace Ltd., a cyber security firm.
“We have to get over this idea of breach and post-incident response, to a certain degree, and say, ‘There’s already a lot of stuff going on inside (an organization), what we need is visibility to catch it early,’” she said.
Cyber security technology needs to improve to address the evolving risks, said Bill Stewart, division president, global cyber risk practice at Chubb Ltd. in New York.
“We need better technology, we need better application of the technology that we have today to reduce the risk. The fact that there’s so much money being made post-breach is a good indicator that the stuff we are doing is not working,” he said.
The services that policyholders value from insurers differ depending on company size, Mr. Stewart said.
Large companies often have significant resources dedicated to cyber security and don’t need security services offered by insurers, but midsize and smaller policyholders value the services, he said.
In addition, large policyholders often prefer stand-alone cyber coverage because they do not want cyber losses to erode the limits of traditional property and casualty coverages, but smaller companies prefer a bundled approach to their insurance coverages, Mr. Stewart said.
The market for cyber insurance is changing, with rates declining and coverage expanding as different coverages are offered through cyber policies, said Tracie Grella, head of cyber risk insurance at American International Group Inc. in New York.
“Policies are getting broader every day. In the last two months, we’ve seen more (errors and omissions coverage) come into cyber … so start-up companies need to be careful because those lines don’t operate in the same way that cyber does,” she said.
In addition, more reinsurers are entering the market and offering expanded capacity to existing and new cyber insurers, Ms. Grella said.