“I see 2 big challenges related to developing common definitions,” said John H. Pendleton, the GAO Director Financial Markets and Community Investment. “First, the cyber threat is evolving quickly as evidenced by the rise in ransomware. Second, organizations or companies that are the victims of a cyberattack have been reluctant, often for business reasons, to share the details of what happened to them and how they dealt with it.” The GAO analyzed reports on cyber risk and cyber insurance from researchers, think tanks, and the insurance industry. It also interviewed officials with the US Department of the Treasury and industry associations representing cyber insurance providers. The GAO report found that cyber policies lack common definitions and industry stakeholders noted that differing definitions for policy terms, such as “cyberterrorism,” can lead to a lack of clarity on what is covered. The stakeholders suggested that federal and state governments and the insurance industry should work collaboratively to advance common definitions. The evolving threat paired with lack of good information about attacks have made it difficult to build and price insurance coverage, according to Pendleton. The GAO report found that cyber insurance can help offset the costs of responding to and recovering from cyberattacks. The growing frequency and severity of cyberattacks have led more insurance clients to opt for cyber coverage. The report shows it is up from 26% in 2016 to 47% in 2020.
Insurance policy lingo can be confusing, and cyber insurance is no different. Cyber insurance, however, is a relatively new type of insurance and definitions for what is and is not covered are major concerns. The National Defense Authorization Act for Fiscal Year 2021 included a provision for the US Government Accountability Office (GAO) to study the US cyber insurance market. The GAO report was released in May and it identifies key trends in the current market for cyber insurance and the challenges faced by the cyber insurance market.2 Continue Reading
Common Definitions Lacking According to a 2021 IBM Data Breach Report, the average cost of a health care data breach is now $9.42 million dollars.1 Unless practices have a 6- or 7-figure fund set aside for breach-related expenses, they should think of cyber insurance in the same way they think about fire insurance, Sosa advised. “I typically tell them that it only takes 1 security breach to ruin their reputation and force them to shut down their practice,” Sosa said.
Insurers increasingly have offered policies specific to cyber risk, rather than including that risk in packages with other coverage. This shift reflects a desire for more clarity on what is covered and for higher cyber-specific coverage limits. The report notes that there are limited historical data on losses. Without comprehensive high-quality data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price policies accordingly. Some industry participants said federal and state governments and industry could collaborate to collect and share incident data to assess risk and develop cyber insurance products. The authors of the report write that malicious cyber activity poses a significant risk to the federal government and the nation’s businesses and critical infrastructure. Cyberattacks result in billions of dollars in losses annually in the US. Threat actors are becoming increasingly capable of carrying out attacks, highlighting the need for a stable cyber insurance market. Industry sources interviewed for the GAO report said higher prices have coincided with increased demand and higher insurer costs because of more frequent and severe cyberattacks. In a recent survey of insurance brokers, more than half of respondents’ clients saw prices go up 10% to 30% in late 2020. Industry representatives told the GAO the growing number of cyberattacks led insurers to reduce coverage limits for some industry sectors, such as health care and education.
Upfront Costs Can Be a Barrier The GAO concluded that developing cyber insurance products can be difficult because insurers do not have much historical data on cyberattack-related costs. Determining what is covered can be hard for clients because key terms do not have standard definitions.
The News Highlights
- Health Providers Are Turning to Cyber Insurance
- Check the latest Health news updates and information about health.
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week