While total cost of risk (TCOR) has been slowly declining over the past few years, there is one insurance area that has seen a significant increase – cyber liability.
Cyber insurance costs are rising fast, with average costs increasing to US$0.28 per US$1,000 of revenue in 2017, from US$0.21 in 2016. That’s an increase in premium of 9% per employee.
As a relatively new offering for insurers, it makes sense that cover will become more comprehensive as they gain more data about potential risks and claims. A better level of cover will obviously lead to higher premiums.
It’s also true that the cyber landscape is changing. For example, larger organisations used to be the primary target of cyber hackers, with smaller businesses not believing that they would suffer a breach. However, this is no longer the case as big businesses invest in better cyber management protection. In fact, the healthcare sector is one of the most targeted industries, with small medical practices suffering regular breach attempts for the sensitive and lucrative data that they hold.
With General Data Protection Regulation rules tightening the governance of personal information of European citizens, as well as other similar data protection laws around the globe, the need for mitigating cyber risk, coupled with the right cyber insurance, is becoming increasingly more vital.
According to RIMS, the types of coverage available is evolving rapidly to include such things as identity theft as a result of security breaches, costs associated with damage or breach to personal data, and credit monitoring services for people affected by their data being compromised.
However, the cost of cyber premiums can be limited if you handle your risk management practices properly – and in particular, look after your data. If you do your part to protect your organisation from data breaches, it will also strengthen your bargaining position when it comes to negotiating terms of cover for your cyber insurance.
Reducing your cyber liability footprint will not necessarily remove the risk altogether, but hand in hand with cyber insurance, risk management will put your company in the best position to avoid data breaches and enable you to act with a swift, robust response if you do experience a hack.
As we’ve discussed before, there are two core parts to effective data governance – data minimisation and data retention. These both reduce your exposure and liability in the event of a breach.
If as a company you can prove that you don’t keep data unnecessarily, and delete or anonymise it once it’s no longer in active use, then this should enable you to improve the terms of your cyber cover. There will be less risk of your data being breached and personally identifiable information (PII) being stolen and used by cyber criminals.
Underwriters like to understand the risk that they are insuring – if you can demonstrate to them that you take data protection seriously, they can legitimately defend their decision to offer you better insurance terms. That could be lower premiums, or better cover.
The Ventiv Data Governance module deletes or anonymises claims data your organisation no longer needs, thus proving to insurers that you’ve limited your exposure to cyber-crime.
When you go to market for cyber insurance you will have to fill out a survey detailing your security practices, controls and tools that you have in place to protect your data. This enables insurers to determine your risk profile, and ultimately the price of coverage. Having the right systems and processes in place should reduce your overall cyber insurance costs, and minimise any premium increases.
When used with RiskConsole Advance, the Data Governance module helps you to gain an accurate picture of your risk profile, which means that you have better negotiating power rather than letting the insurer determine premiums and terms based on its own assessment. You will have accurate, comprehensive data that as a Risk Manager, you can use to argue for premiums and terms that you see are fair and reflective of your actual risk profile.
The Data governance module is an integral part of your data strategy, it
Jan 7, 2019
| Originally posted on