CYBER INSURANCE Author Kristoffer Haleen, Cyber Practice Leader in Willis Towers Watson Sweden & Finland Additional information from SIMO HANNULA, Senior Specialist, Risk & Analytics, Willis Towers Watson Finland
O
ver the last few years, cyber insurance has become increasingly common, although it is still not part of every company’s risk management toolbox. From the very privacy-focused, one size fits all, policies that first made it to Finland and Scandinavia around ten years ago, the policies have now evolved into different offerings for various sectors. As claims activity has increased, this form of insurance has become less profitable for insurance companies, leading to increased scrutiny of buyers, and higher premiums for those companies that are buying. This makes it necessary for insurance buyers to understand what they are buying. Old truths hold just as well for cyber insurance as they do for anything in life– the more time you spend, the better the reward. This article aims to update readers on the purpose of cyber insurance, how current trends are affecting the insurance industry, and what companies should consider when buying cyber insurance CIRCLE OF LIFE
The current global pandemic caused by the new variation of the coronavirus, better known as COVID-19, has forced many organizations to vacate offices 8
|
CYBERWATCH
FINLAND
and support the concept of having their employees working from home. Although some organizations had already adopted a remote workforce model, there are many examples were this was a foreign concept. The quick transition to a remote workforce is not without its challenges and risks. This is a fact that cybercriminals know and together with the overall crisis sentiment creates opportunities that they can exploit. Readers of Cyberwatch will understand this better than most. In our line of work, we have seen companies sacrifice security for convenience. One example was particularly horrifying, with the company disengaging Multi-Factor Authentication for its employees, as the MFA solution in place was not designed to cater for the large number of users that suddenly needed access to applications on the corporate network. Without overstating anything, there are very few good reasons to do this. In fact, we can’t think of any. Reports are coming in from all sides of the IT-security community of attackers using the pandemic to phish organizations and gain access to networks. For insurers, Covid is a disaster on several lines of insurance, and there is a great fear that this will have a similarly negative impact on cyber insurance.
