With the nature of cybercrime changing at such a rapid rate, the insurance industry has to adapt just to keep up. Hackers remain one step ahead of law enforcement, and they know it. As a result, leading insurance companies have started to implement programs and educational resources for clients that revolve around reducing the impact when a cyberattack does occur.
In many cases, companies’ preparations for a cyberattack are taking more of scenario-driven approach than a technology-driven one. Simulating a cyberattack, just like an organization might do for a fire or catastrophic weather event, is one method being used among some forward-thinking insurance companies.
“We bring in partners to run through a specific scenario: so if something happened on a certain day, we examine the implications a hack would have and what measures the company would have to take,” says Jeremy Barnett, senior vice president of marketing at NAS Insurance. “This is what we call a table top exercise and it forces organizations, and usually the c-suite, to address how ready they are for a cyberattack.”
The exercises are designed to make organizations aware of steps they need to take, and the order in which they need to be taken. Companies are then encouraged to allocate certain responsibilities to appropriate members of staff. It’s all about being ready to act fast when a cyberattack is identified.
“We also develop contingency plans in case a certain person is on vacation or not reachable,” Barnett says. “We make an organization develop a plan in the event of incident A, B or C. Running those exercises with all the stakeholders at the table really helps to address, in advance of an incident, who has what responsibility.”
Having the right policy is also fundamental to cyber safety, and brokers have an important role to play in identifying the areas of risk and suggesting the appropriate cyber policy. Awareness around cyber risks is spreading fast and brokers should be active in offering carefully selected cyber products to their clients.
“With every renewal of a business owner’s policy or general liability policy for a small business, the broker should considering adding cyber,” Barnett says. “There are lots products on the market with varying limits. When you consider that a cyber event could put a small organization out of business, $1,500 or $2,000 for a robust cyber policy represents a good return on investment.”