reputational damage. Or an insurer may cut
coverage in half, or introduce a deductible,
said Brent Reith of the broker Aon.
While some smaller carriers have dropped
coverage altogether, the big players are
instead retooling.
Then there are hybrid insurers like Resilience
and Boston-based Corvus. They don’t
simply ask potential customers to fill out a
questionnaire. They physically probe their
cyber defenses and actively engage clients as
cyber threats occur.
“We’re monitoring and making active
recommendations not just once a year but
throughout the year and dynamically,” said
Corvus CEO Phil Edmundson.
But is the overall industry nimble enough to
absorb the growing onslaught?
The Government Accountability Office warned
in a May report that “the extent to which
cyber insurance will continue to be generally
available and affordable remains uncertain.”
And the New York State Department of Finance
said in a February circular that massive industry
losses were possible.
Both insured and insurers, stingy about sharing
experiences and data, shoulder the blame for
that, the U.K. Royal United Services Institute said
in a new report. Most ransomware attacks go
unreported, and no central clearinghouse on
them exists, though governments are beginning
to pressure for mandatory industry reporting.
As a business sector, insurers are not especially
transparent. In the U.S. they are regulated not by
the federal government but by the states.
Image: Greg M. Cooper