Cyber Risks vs. Insurance: Where Do They Intersect?
The Relationship Between Cyber Risk & Insurance
Some commercial insurance categories map intuitively to the vulnerabilities that could trigger them. Not having a sprinkler system increases the risk of catastrophic fire, and such a fire in a factory will clearly cause loss of property and interruption to business operations. It's easy to draw the line from sprinklers to property and BI risk.
Other times, risks themselves can be hard to understand, and therefore hard to map to insurance exposure. Even if you know something about a company’s IT vulnerabilities, it can be hard to know exactly how, for example, a poor software patching regimen impacts the threat of ransomware and therefore potential losses resulting from dealing with a ransom situation. What is software patching, anyway?
Risk Exposures: Explained
Making matters worse, many IT security exposure categories map to multiple possible insurance risks. To make sense of these complicated interactions, we put together a document that provides a basic overview of how common IT exposure categories map to insurance risks. See the first page of our infographic here, and download the full PDF to see the second page with deeper explanations.
The Corvus Scan identifies eight primary categories of risk exposure: Software Patching, Web Encryption, Email Security, Web Applications, Threat Intelligence, Defensibility, System Hosting, and DNS Security.
Our infographic explains how all of these eight categories may potentially relate to an insurance policy. For instance, poor email security can lead to a bad actor gaining access to an organization’s sensitive information. Poor system hosting might allow a hacker to shut down an organization’s website, leading to an interruption of business. It’s all connected, and it all goes back to your risk exposure. Click to see more.
What’s the difference between your most overprepared travel buddy and a cybersecurity pro?
The following interview was originally published as part of Corvus’s quarterly Cyber Risk Aggregation report, known as the Nutcracker Report. We deliver these insights on trends in the aggregation of cyber risk to a select group of reinsurers, reinsurance brokers, and program managers. If you’d like to receive the report in the future, please send your inquiry to email@example.com.