06.27.18
Corvus Team

Smart Cyber Insurance™ and The Evolution of Cyber Risk

Cyber Risk Is Evolving

The self-contained enterprise is a thing of the past, as more companies rely on third-party vendors for services related to data storage, web hosting, IT security management, logistics, and more. While these providers have allowed companies to operate more efficiently, cyber exposures have increased as a result.

Massive retail data breaches, state-sponsored malware attacks, and the mishandling of sensitive information by the world’s largest companies have kept cyber risk in the headlines for the greater part of the last decade. Digitization has forced even smaller organizations to consider a wide variety of both internal and external threats to data security. The self-contained enterprise is a thing of the past, as more companies rely on third-party vendors for services related to data storage, web hosting, IT security management, logistics, and more. While these providers have allowed companies to operate more efficiently, cyber exposures have increased as a result. It’s no wonder cyber liability coverage has received much of the recent attention in the commercial insurance world.

The History of Cyber Insurance

Nearly 15 years ago, the earliest versions of stand-alone cyber policies would only cover third-party liability arising from the wrongful release of confidential information. Expenses related to first-party breach notification costs, digital forensics, data destruction, and contingent business interruption were not typically addressed. Not only was the coverage limited, but the underwriting process was arduous as insureds were forced to complete lengthy applications, supplemental questionnaires, and teleconferences to discuss the details of their IT security. Carriers offered few proactive risk management services, forcing insureds to incur additional expenses if they needed guidance on IT security best practices.

While insurers have made progress broadening the scope of cyber coverage, unfortunately, many of the outdated methods of underwriting remain commonplace and carrier loss prevention advice is often inadequate.

How Is Corvus Helping to Re-write the History of Cyber Insurance?

At Corvus, we take a vastly different approach to underwriting and risk management. We believe in leveraging the best technology to assist our policyholders proactively address cyber risk. Rather than relying on prolonged applications with limited value, we use non-invasive web scans as part of the underwriting process and we provide our customers with meaningful insight into their IT security performance. At the time of quoting and throughout the policy period, we deliver a detailed analysis of the insured’s security operations with concise, risk-prioritized recommendations to resolve critical vulnerabilities. We red-flag IT supply chain issues and we offer meaningful business intelligence reports to insureds that are serious about confronting cyber risk head-on. Policyholders have access to a number of resources to help strengthen their IT security posture, including sample IT security policies, online privacy training, and a directory of pre and post-breach experts. We call this process Dynamic Loss Prevention™.

More precise underwriting means improved coverage and competitive premiums as well. Insureds with the strongest IT security controls are eligible for broad-form first and third-party coverage, including extensions for blanket contingent business interruption triggered by cyber perils, system failure, reputational loss, social engineering, ransomware, and much more.

Our mission at Corvus is to arm commercial insurance brokers and our policyholders with the best available tools to tackle cyber risk from all angles. A modern and dynamic solution is required to address a constantly evolving risk landscape. This tech-enabled, holistic approach to risk management is what we call Smart Cyber Insurance™.

[RELATED POST] Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

The rise of remote work and growing concerns over ransomware acted as partners-in-crime to get organizations to hone in on risk mitigation efforts over the past couple years. Through compiling our Risk Insights Index, we found that with certain initiatives —  safer or reduced usage of RDP, growing use of email security tools, and other measures taken to limit the impact of threat actors — businesses are more prepared than a year before and ready to play defense. Those efforts are borne out in our finding that the rate of companies who pay a ransom when attacked with ransomware fell by half within a year. 

[RELATED POST] Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

The whisperings of “firming rates” start first, quietly in business meetings, then published in industry reports. Soon to follow, rumblings of a “hard market” are brought to the conversation. It’s cyclical in nature, and we see it across all insurance lines at one point or another. For years, Cyber Insurance stretched far and wide with “soft” market conditions, remaining highly profitable. Now that period of growth, with exceedingly available coverage and inviting terms, has stalled in the face of a hard market.