Cloud Data Combats Cyber Insurance Conundrum

The current reality is that costs of suffering cyberattacks continue to climb while the ability to insure against a possible cyber disaster diminishes. The cyber insurance gap is widening, with many businesses either uninsured or underinsured against a rising tide of cyber threats.  A typical data breach could cost the average organization $2.4 million for investigation and recovery. Still, only 55% currently have cyber insurance — and less than 20% have coverage more than $600,000 – the median ransomware demand in 2021.

Q2 2022 saw distinct changes in the cyber insurance market, with market segments becoming more nuanced. While clients still needed to demonstrate good levels of risk control to secure capacity, insurers became more flexible. Clients could explain their risk acceptance rationale within this ambit. Insurers drew increased attention to areas where clients need to demonstrate strong control measures.

As the market develops further, carriers are finding better ways to provide coverage – by working directly with cloud providers. Global insurance giant Munich Re is working with Google Cloud and insurer Allianz on a policy that aims to provide customers with lower costs, broader coverage and greater transparency. This unique approach uses customer’s IT configuration data from cloud providers, giving insurers greater confidence in assessing cyber risk of prospects.

When Google Cloud and partner carriers began offering their “Cloud Protection+” policy in mid-2021, it began a trend of vendors taking a hands-on role in co-designing cyber policies. Other major cloud vendors have since launched their own bids to enable a more data-powered cyber insurance market. AWS has partnered with startup Cowbell Cyber and Swiss Re to provide insurance coverage of workloads running on its cloud. Microsoft has teamed up with cyber insurer, At-Bay, on a policy covering use of the cloud-based Microsoft-365 productivity suite. The upside for cloud vendors is that the program incentives rely more heavily on their cloud-based services.

Google’s program requires customers to use Google Cloud with policies covering all of a customer’s IT environments. Customers participate by using Google Cloud’s Risk Manager tool to scan their cloud environment and drawing security metrics to inform the underwriting process. Subsequently, customers choose what scanned data to share, thereby launching the insurance purchasing process.

With Google’s program as well as other vendors, these policies cover the customer’s entire IT footprint. But, importantly, the coverage is broader for Google Cloud workloads than would be available for insuring assets in typical IT environments, with enhanced pricing. The broader coverage includes enhanced third-party liability along with extra coverage for direct losses from a cyberattack. Other additions offered are coverages for protection against theft of trade secrets, typically excluded in cyber insurance policies. Currently these policies are geographically restricted and limited to smaller and medium businesses.

AWS, Cowbell Cyber and Swiss Re offer a risk assessment tool that facilitates cyber insurance coverage purchase for AWS workloads. The policy just covers usage of AWS and is most ideal for customers that use the AWS cloud extensively. The program utilizes Cowbell Factors, the startup’s underwriting platform that rates a business on its security risk relative to its peers in the industry, providing lower premiums and higher limits for customers that rate better on configuration, vulnerabilities and compliance measures.

In a survey, 60% respondents said they would reconsider entering into an agreement with another business if they did not have comprehensive cyber insurance. More than two-thirds of IT decision-makers are likely to reassess a partner agreement owing to cybersecurity practices. Besides supply chain concerns, cybersecurity practices along with successful technology implementation, are linked to an organization’s ability to procure cyber insurance. Organizations need to equip themselves to demonstrate key security benchmarks to qualify for coverage, or to increase the amount of coverage on an existing policy.

Cover Image

You get 3 free articles on Daily Fintech. After that you will need to become a member for just US$143 a year (= $0.39 per day) and get all our fresh content and our archives and participate in our forum.