October is Cybersecurity Awareness Month, and recently I had the opportunity to host a roundtable discussion in Washington, DC with the U.S. Chamber of Commerce on the topic. The focus of the conversation was preparing businesses for and protecting them from potential cyber events. Our objective was to highlight the role that traditional risk transfer in the form of cyber insurance, is playing in this modern-threat world. Additionally, we discussed how some insurers are working with their insureds to improve resilience and prevent and respond to cyber-attacks.
The unique perspective we have at Zurich, as a cyber insurer, is that we see the cyber threat from all different perspectives. We see the headlines and stats and have a deep understanding of the economic impact these events have on the livelihood of our customers. We have insight into new and best-in-class security controls, and we know what it will take to quickly recover from a cyber event.
In conversations with our customers, we have heard that many are confused about what a cybersecurity and privacy insurance policy would and would not cover, so we rewrote our policy to make it easier to understand. Many customers expressed an awareness of the threats but confusion regarding where to focus their cyber security efforts. As a result, we have expanded our cyber risk engineering team to assist them with their security planning.
Additionally, customers express frustration at the lack of attention to this matter by C-suite, so we work to help them by gathering the proper data and claims examples to demonstrate the threat in ways that leadership finds relatable. Zurich has been a leader in these areas and is looking to continue collaboration with customers, law enforcement, the legal community, and the public sector to help minimize the severity and economic impact of cyber events.
As cyber threats increase and rapidly change from year to year, even month to month, it is imperative that corporations seek out insurance as part of a holistic cybersecurity plan and work with their insurance company to meet company-specific needs regarding this unique peril.
There is no way to ensure 100% prevention of cyber events, but preparation, deployment of proper security programs and hygiene (even with stretched resources there are some impactful steps you can take) can minimize the threats to and impacts upon the organization. Risk transfer is an important operational backstop, as is partnering with law enforcement and post-breach response teams that handle matters in a quick and effective manner.
As we look toward the future and toward greater innovation, Zurich will work with our clients to ensure policy form language addresses current events and threats as they develop. Likewise, we will work with the public sector on financial backstops, education, training, information sharing, and common taxonomy. Cyber threats are only going to continue to develop, and it’s more important than ever that all the ‘good guys’ are on the same side and aligned on improving resilience and preventing the impact of cyber events.
By: Yosha DeLong
Technical Director – Cyber & Professional Lines, Zurich NA