Page 31 - The IT Guidebook
P. 31

CYBERSECURITY INSURANCE - CONTINUED  CYBERSECURITY INSURANCE - CONTINUED





        Illinois  Biometric  Information  Privacy   insurance  products and the  requirements
 CYBER INSURANCE UNDERWRITERS:   GOVERNMENT:   Act,  Europe’s  General  Data  Protection   to  qualify  for  them.  Cyber  insurance
        Regulations, and many other rules. These   companies  also  need  to  balance  renewal
 It  has  become  clear  that  rate  increases   Many  are  watching  an  increased  effort   regulations  follow  a  common  theme  that   timelines  with  required  data  security
 alone will not be able to solve the current   by  both  the  U.S.  and  international   holds  organizations  to  specific  standards   control remediation efforts amidst potential
 and future cyber market challenges. There   governments  to  work  with  and  provide   as they  collect,  store,  process, and   budget  limitations.  Making  sure  your
 is  a  focus  on  changing  coverage  terms,   insight to the private  sector in managing   transfer  consumer  data.  In  some  cases,   technology environment is up to speed with
 which are trending to restrict coverage for   cyber threats, with a particular focus on the   noncompliance  can  lead  to  regulatory   respect to reducing cybersecurity  threats
 systemic risk, where a single vulnerability   ransomware  epidemic.  Guidance  around   investigations,   lawsuits,   fines,   and   is  paramount.  In  order  to  have  effective
 may impact a majority of a carrier book of   OFAC  compliance,  specific  to  whether   settlements  and  may  provide  a  path  for   cybersecurity  insurance  that  permits  your
 business. Carriers are beginning to address   or not ransom payments  can  legally   plaintiffs to pursue private rights of action.    company to transfer the risk of a breach,
 this  in  their  policy  forms  by  imposing   be  made,  was  provided  in  2021,  with   companies  must  implement  stronger
 sublimits and/or exclusionary language for   aggressive  action in  sanctioning  at  least   Because  of  the  highly  nuanced  nature  of   cybersecurity internal controls.
 these global  cyber incidents,  and it may   one cryptocurrency exchange. The private   the cyber insurance market, it is imperative
 impair the buyer’s ability to transfer cyber   sector  may  be subject  to severe  penalties   that your organization is working with an
 risk  in  the  comprehensive  way  it  did  in   for   noncompliance   to   government-  insurance  broker  who  specializes  in  your
 prior years.  mandated  OFAC  requirements. Also,  law   particular  industry  or  line  of  coverage.
 enforcement is to become more proficient   To  effectively  manage  the  underwriting
 REINSURERS:   at  helping  victim  organizations  recover   process, it is essential  that  your cyber
 ransom payments to threat  actors, using   insurance  company  maintains  a  detailed
 Expect markets to seek support from outside   a  combination  of  cryptocurrency  experts,   working  knowledge  of  the  latest  cyber
 the traditional  rated capacity  market via   computer scientists, blockchain analysts,
 collateralized reinsurance and Insurance-  and  crypto-tracers  in  this  effort.  Finally,
 Linked Securities (ILS) transactions with   we  expect  law  enforcement  to  embark
 the  capital  markets.  This  could  also  take   on  a  more  aggressive  offensive  strategy
 the form of looking to different reinsurance   in disrupting  ransomware  as  a  Service
 structures and product development. Also   (RaaS) affiliates.
 expect continued cyber loss modeling tool
 development  as  the  market  pushes  for   The  cybersecurity  insurance  industry  has
 further insights into the far-reaching threats   changed  dramatically  in  the  past  3  years
 of systemic cyber risk.  and will continue as hackers become more
 sophisticated.  Regulatory  risk continues
 CYBER RISK MANAGEMENT   to evolve as privacy laws around the U.S.
 VENDORS:   and  international  arenas  expand.  Data
 subjects, and the regulators that represent
 The  service  providers  that  help  prevent   them,  are  more  empowered  than  ever  by
 and mitigate the effects of cyber incidents   the California Consumer Privacy Act, the
 play  a  role  of  growing  importance  and
 have  become  a  fixture  in  today’s  cyber
 marketplace. Buyers of cyber insurance will
 need to leverage these services one way or
 another, and the vendors that can provide
 efficient and cost-effective solutions for the
 needs of specific risk profiles will continue
 to emerge as a necessity.





 29                                                                        30
   26   27   28   29   30   31   32   33   34   35   36