In a prior posting on this website entitled, “Business Continuity and the Importance of Insurance”, some of the roles that insurance can play in risk management were presented and discussed. Today, given the high priority to risks and threats stemming from cybersecurity related events, it may important to note that insurance can be an important tool to evaluate and assist in mitigating such risks. In fact, according to James Whetstone, a senior V.P. and U.S. technology and privacy manager for insurer Hiscox Speciality, “…there are almost 30 carriers now offering cyber liability coverage …and, the coverage evolved rather quickly to where cyber-insurance is a “must-have for most firms today.”
From a posting on the InsuranceJournal.com website, Andrew G. Simpson, writes that one of the major ways that underwriting has changed in the area of cyberinsurance, according to his discussions with Mr. Whetstone, is “…we used to really focus our underwriting attention on how well they could prevent the breach, but we’ve added another phase to it. Not only can you prevent it, but if it happens, how quickly can you respond? Do you have a plan in place? Kind of like a disaster recovery or business continuity plan. It’s the same with this incident response plan.”
Has your organization kept up with the most recent developments of this great BC/DR tool to mitigate its own potential information security threats?
If applicable, you may want to pass this information along to those risk management and information security specialists in your organization. In particular — especially some of the comments where this posting provides insight from a recent interview between Insurance Journal’s Andrew Simpson and Whetstone discussing such relevant topics as: (a) the evolution of the coverage and the competition among insurers, (b) the importance of a recovery plan, (c) the product’s sales cycle for agents and brokers, and (d) the challenge of underwriting and servicing the coverage in a technology, where political and legal environment(s) keeps changing. This information could also provide an important revision to the business impact analysis update or continuous improvement component of your organization’s business continuity plan.