Page 30 - The IT Guidebook
P. 30

CYBERSECURITY INSURANCE - CONTINUED                                                                       CYBERSECURITY INSURANCE - CONTINUED





                                                                                       Illinois  Biometric  Information  Privacy   insurance  products and the  requirements
        CYBER INSURANCE UNDERWRITERS:              GOVERNMENT:                         Act,  Europe’s  General  Data  Protection   to  qualify  for  them.  Cyber  insurance
                                                                                       Regulations, and many other rules. These   companies  also  need  to  balance  renewal
        It  has  become  clear  that  rate  increases   Many  are  watching  an  increased  effort   regulations  follow  a  common  theme  that   timelines  with  required  data  security
        alone will not be able to solve the current   by  both  the  U.S.  and  international   holds  organizations  to  specific  standards   control remediation efforts amidst potential
        and future cyber market challenges. There   governments  to  work  with  and  provide   as they  collect,  store,  process, and   budget  limitations.  Making  sure  your
        is  a  focus  on  changing  coverage  terms,   insight to the private  sector in managing   transfer  consumer  data.  In  some  cases,   technology environment is up to speed with
        which are trending to restrict coverage for   cyber threats, with a particular focus on the   noncompliance  can  lead  to  regulatory   respect to reducing cybersecurity  threats
        systemic risk, where a single vulnerability   ransomware  epidemic.  Guidance  around   investigations,   lawsuits,   fines,   and   is  paramount.  In  order  to  have  effective
        may impact a majority of a carrier book of   OFAC  compliance,  specific  to  whether   settlements  and  may  provide  a  path  for   cybersecurity  insurance  that  permits  your
        business. Carriers are beginning to address   or not ransom payments  can  legally   plaintiffs to pursue private rights of action.    company to transfer the risk of a breach,
        this  in  their  policy  forms  by  imposing   be  made,  was  provided  in  2021,  with                         companies  must  implement  stronger
        sublimits and/or exclusionary language for   aggressive  action in  sanctioning  at  least   Because  of  the  highly  nuanced  nature  of   cybersecurity internal controls.
        these global  cyber incidents,  and it may   one cryptocurrency exchange. The private   the cyber insurance market, it is imperative
        impair the buyer’s ability to transfer cyber   sector  may  be subject  to severe  penalties   that your organization is working with an
        risk  in  the  comprehensive  way  it  did  in   for   noncompliance   to   government-  insurance  broker  who  specializes  in  your
        prior years.                      mandated  OFAC  requirements. Also,  law     particular  industry  or  line  of  coverage.
                                          enforcement is to become more proficient     To  effectively  manage  the  underwriting
                  REINSURERS:             at  helping  victim  organizations  recover   process, it is essential  that  your cyber
                                          ransom payments to threat  actors, using     insurance  company  maintains  a  detailed
        Expect markets to seek support from outside   a  combination  of  cryptocurrency  experts,   working  knowledge  of  the  latest  cyber
        the traditional  rated capacity  market via   computer scientists, blockchain analysts,
        collateralized reinsurance and Insurance-  and  crypto-tracers  in  this  effort.  Finally,
        Linked Securities (ILS) transactions with   we  expect  law  enforcement  to  embark
        the  capital  markets.  This  could  also  take   on  a  more  aggressive  offensive  strategy
        the form of looking to different reinsurance   in disrupting  ransomware  as  a  Service
        structures and product development. Also   (RaaS) affiliates.
        expect continued cyber loss modeling tool
        development  as  the  market  pushes  for   The  cybersecurity  insurance  industry  has
        further insights into the far-reaching threats   changed  dramatically  in  the  past  3  years
        of systemic cyber risk.           and will continue as hackers become more
                                          sophisticated.  Regulatory  risk continues
            CYBER RISK MANAGEMENT         to evolve as privacy laws around the U.S.
                   VENDORS:               and  international  arenas  expand.  Data
                                          subjects, and the regulators that represent
        The  service  providers  that  help  prevent   them,  are  more  empowered  than  ever  by
        and mitigate the effects of cyber incidents   the California Consumer Privacy Act, the
        play  a  role  of  growing  importance  and
        have  become  a  fixture  in  today’s  cyber
        marketplace. Buyers of cyber insurance will
        need to leverage these services one way or
        another, and the vendors that can provide
        efficient and cost-effective solutions for the
        needs of specific risk profiles will continue
        to emerge as a necessity.





    29                                                                                                                                                    30
   25   26   27   28   29   30   31   32   33   34   35