Plugging the gap in cyber insurance

If you’ve ever had a window in your house break because of a storm or an automobile fender-bender, you probably know from experience the value of having insurance for your home and vehicle. Broken windows can result in ruined carpeting and leakage into the room below. And fender-benders, even what look like mild ones, may need thousands of dollars of repairs to fix today’s complex and fragile automobiles. On the other hand, who insures a bicycle or lawnmower? Or a laptop or smartphone? Most of us insure only large possessions like houses and cars. We usually don’t insure small stuff because the cost of insuring them seems high compared to the replacement cost for such items.

Things are pretty much the same when it comes to cybersecurity. More and more businesses and organizations are catching on to the increasing threat landscape and are investing in cyber insurance as part of their overall IT security strategy. I’ve previously talked here on TechGenix about the importance of having cyber insurance and also the importance of knowing exactly what your policy says. I’ve also talked about the balancing act you may need to perform when considering cyber insurance and compliance with regard to regulatory requirements like the EU General Data Protection Regulation (GDPR) legislation. What I haven’t yet talked about, however, is whether current kinds of cyber insurance offerings actually address the security needs of businesses and organizations of various sizes, and to try and get a handle on this important matter I reached out recently to someone who has broad expertise in this area. Jack Kudale is the founder and CEO of Cowbell Cyber, a cyber insurance company that offers the industry’s first continuous underwriting platform. Jack is a passionate global enterprise software leader, entrepreneur, and mentor who carries unique experience in startup ecosystems, global market strategy, field sales execution, and product management. Jack has led the company into the cyber insurance market to offer the industry’s first continuous underwriting platform. What follows are some questions I asked Jack and his illuminating responses that shed light on this rapidly evolving industry.

cyber insurance

MITCH: As cybersecurity becomes increasingly important to businesses, more and more companies are investing in cyber insurance as part of a defense-in-depth strategy against attacks. But how can a company accurately assess the cybersecurity risks they face to ensure their cyber insurance policy can effectively mitigate these risks?

JACK: The cybersecurity market has exploded over the past decade to become a $120 billion market according to Gartner. Yet, it’s hard to find data validating that companies feel any more secure. There is a 24:1 imbalance in what businesses spend on cybersecurity solutions compared to cyber insurance premiums (Marsh and Microsoft 2019 Global Cyber Risk). Using risk transfer as a means to manage cyber risks has been grossly overlooked by many companies until now because they lack the information and tools to measure technical security vulnerabilities and exposure in terms of financial losses that can be mitigated through insurance. Where cybersecurity tools help mitigate cyberthreats and risk exposure, cyber insurance can mitigate the financial loss related to cyber risks.

MITCH: Are the cybersecurity risks faced by different sized companies (small, medium, large enterprise) the same or different? Are the kinds of cyber insurance policies they need similar or different?

Where cybersecurity tools help mitigate cyberthreats and risk exposure, cyber insurance can mitigate the financial loss related to cyber risks.

JACK: Cybersecurity risks vary significantly across company sizes, industries and based on a company’s use of technology. A $200 million company with an Internet footprint spanning 10 different countries has a different cyber risk profile than a $20 million health-care company that operates locally but handles hundreds of thousands of patient records. One might need a policy with higher limits on data breaches to cover the potential loss of regulated data while the other might need a coverage more focused on business interruption.

MITCH: What has been holding up some companies from purchasing cyber insurance to ensure their protection against cybersecurity threats?

cyber insurance

JACK: Cyber insurance is still an emerging market and the multifaceted role it can play in managing cyber risks is misunderstood by enterprises. At the same time, the coverage, premiums, and limits that the insurance industry offers have gaps compared to any enterprise’s unique risk profile and the variety of risk transfer needs. There is basically a lack of clarity and alignment on both sides, which obviously provides many opportunities for innovation.

Information sharing and education are critical to unlock the cyber insurance market. The more transparency between insurers, brokers, and their business clients the faster cyber coverage will become mainstream.

Many improvements are well underway. For example, brokers and insurers are rapidly migrating their insurance application process to an online form supported by paperless transactions. Questionnaires are being simplified with as much information as possible being collected electronically. A streamlined online process is a first step in providing access to more applicants and enables more companies to evaluate coverage options, compare policies, and most importantly get educated about the benefits of cyber insurance.

Information sharing and education are critical to unlock the cyber insurance market. The more transparency between insurers, brokers, and their business clients the faster cyber coverage will become mainstream.

MITCH: How do you see the cyber insurance industry evolving to meet the concerns of these holdouts?

JACK: As we all witness daily when reading the news, the cyberthreat landscape is evolving really fast — new technology, new threats, security gaps in employees’ behavior, and more. All contribute to creating a dynamic risk landscape that is not accurately captured by an insurance application form filled out once a year.

In the age of cloud adoption where a company’s cloud infrastructure can be assessed automatically and continuously for security best practices and technical vulnerabilities through APIs, the assessment of insurable risks needs to catch up and be conducted at a similar pace and with similar ease. Relying on an overall fixed security score to price coverage and establish a comparison between policyholders in an insurance portfolio is too limiting. These are the reasons why Cowbell Cyber introduced “continuous underwriting” and Cowbell Factor at ITC last month. Cowbell’s goal is to enable customized protection and recommendations while providing policy coverage that stays accurate and matches the customer’s needs as they evolve.

MITCH: So what needs to happen for the cyber insurance industry to evolve to meet the needs of everyone involved?

JACK: For the adoption of cyber insurance to continue at a healthy pace and for the insurance market to maintain a healthy loss ratio especially in the event of a cyber catastrophe, all stakeholders need to be empowered with understanding and clarity over the cyber risk portfolio they managed — at the agent, insurers and reinsurer levels. This is another goal for Cowbell: provide insurers, brokers, and policyholders with a consistent set of data and a view of the data that is relevant to them. The technology is available today to support this new approach to cyber risk transfer and our team is excited to help make this a reality for our insurance partners and our target market: the small and midsized enterprises.

MITCH: Thanks for taking the time to respond to my questions!

JACK: You’re welcome!

Featured image: Shutterstock

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top