SAN FRANCISCO – The landscape of cyber insurance, shaped by AI advancements, evolving privacy regulations, and dynamic threat environments, is presenting fresh challenges for insurers and policyholders alike. This insight emerged from a recent panel discussion at the RSA Conference titled “The Art of Cyber Insurance: What’s New in Coverage and Claims.”
During the session, industry experts highlighted the complexities reshaping the underwriting process, coverage models, and claims management in the cyber insurance sector. Peter Hedberg, a senior underwriter at Corvus Insurance, emphasized the lack of standardized policy terminology across the industry. Unlike traditional insurance categories such as general liability or auto insurance, cyber insurance policies often vary significantly in their wording and coverage specifics, especially when addressing emerging technologies like AI and endpoint detection and response.
Monique Ferraro, a legal counsel at HSB, underscored this fragmentation, noting that the absence of uniform definitions poses challenges for both insurers and clients navigating the cyber insurance landscape.
Another critical aspect discussed was the integration of regulatory and legal considerations into cyber insurance frameworks. Violet Sullivan, AVP cyber services at Crum and Foster, cited the example of a North Carolina law prohibiting public entities from paying ransom in cyber extortion cases, complicating the underwriting of policies for businesses in the state.
“Writing cyber coverage in [North Carolina] right now? Why would I?” Hedberg questioned, citing concerns over the potential for open-ended business interruption claims arising from ransomware attacks.
The regulatory complexity extends beyond specific laws. Sullivan highlighted the emergence of what she termed “zombie litigation,” where outdated laws are repurposed in contemporary legal battles related to privacy violations involving technologies like Pixel tracking and web beacons. These legal challenges often target businesses unknowingly collecting user data, exposing them to fines and litigation.
The evolution of cyber insurance is also witnessing niche expansions into personal cyber coverage, cryptocurrency protection, automotive cybersecurity, and HVAC system defense against cyber threats.
Expert Advice for Cyber Insurance
Panelists emphasized the importance of tailored cyber insurance policies that comprehensively address first-party and third-party risks. First-party coverage deals with direct losses like data restoration and business interruptions, while third-party coverage concerns liabilities towards external parties affected by data breaches.
The discussion highlighted the variability in cyber insurance offerings, with specific recommendations for companies to carefully evaluate policies based on their unique risk profiles. This includes ensuring coverage for critical incidents such as ransomware attacks, system disruptions, and legal expenses associated with data breaches.
Additionally, collaboration between legal and marketing departments was encouraged to mitigate exposure to legal challenges stemming from data collection technologies like Pixel tracking and web beacons. Understanding the intricacies of data handling and the implications of emerging laws remains paramount in navigating the evolving cyber insurance landscape.
The insights shared underscore the need for adaptive strategies in cyber insurance to address emerging threats and regulatory landscapes, ensuring comprehensive coverage for businesses navigating the digital frontier.