Cyber insurance is a must these days for almost any company; for Department of Defense (DoD) contractors, it’s an utmost necessity. On the downside, however, if your company is part of a high-risk industry such as manufacturing (as are many DoD contractors), insurance can be expensive or difficult to obtain. But on the upside, there are steps you can take to make your company insurable and even reduce your premiums. And CyberNINES can help you do just that.
Current Market Outlook
According to a recent market update provided by Risk Placement Services (RPS), an insurance aggregator that helps clients find effective cyber insurance, the manufacturing industry is currently the top market sector affected by cyberattacks. System compromise is the most frequent type of impact, and capture or bypass of multifactor authentication (MFA) is the most common method of attack. As to the near future, the emerging area of most vulnerability is the Internet of Things (IoT)—again affecting manufacturers—and the top emerging threat is AI-enabled social engineering, which will enhance spear phishing (faking communications from a trusted sender in order to trick someone into revealing confidential information). According to the report, ransomware attacks, such as the one perpetrated against Change Healthcare earlier this year, have slowed somewhat recently but are still a palpable threat.
The cyber insurance market is constantly changing because the threats being insured against are constantly changing. “Cyber insurance is unique from any other property and casualty product,” stated Steve Robinson, the article’s author, “in that constant evolution is required because the perils insured against are themselves constantly evolving. Wind is wind. Water is water. Fire is fire. But today's cyber isn't tomorrow's cyber.”
The report anticipates changes in the cyber insurance market in the coming months. Whereas premium costs have fallen over the past couple of years, they may well be on the rise now, due to attacks like the Change Healthcare incident. Some companies might risk having their coverage dropped altogether. The report also warns against companies opting for low-cost insurance versus that with comprehensive coverage and risk management options, as such companies might find that coverage isn’t available when they try to make a claim.
How CyberNINES Can Help
Fortunately, there are resources to help companies navigate the ever-changing cyber insurance market. Insurance aggregators with experience across a wide spectrum of industries are able to advise clients on insurance packages that offer the best value, rather than just the lowest cost. And many insurers themselves are playing a greater role, becoming active partners in managing their clients’ risk.
“Insurance underwriters and brokers and companies seeking cybersecurity coverage need to work together to decide how they want to approach their insurance,” said Greg Zacharski, CyberNINES’s Director of Strategic Business Development. “Some underwriters, particularly at smaller insurance companies, will offer a premium that incudes third-party assessment, providing a checklist to be verified by the third-party, which can really bring down the price of the premium. The most evolved insurers are moving in that direction.”
The partnership between a manufacturer, their insurer, and a third-party assessor can be invaluable—a win/win/win for everyone involved. CyberNINES, a certified CMMC Third Party Assessment Organization (C3PAO), is one such partner offering third-party assessments and other services, such as our tabletop exercise (TTX). Many cyber policies include the services of a breach coach, who can be called on to help if an incident occurs; their experience can greatly reduce the damage, protecting both insurer and client. Savvy insurers also get involved before a breach ever happens; for example, the stakeholders in our most recent TTX included the representatives from the client’s insurance company, who played a large role in the simulated incident exercise. These types of preventative measures can help further mitigate the damages caused by a breach as well as reducing the likelihood of an incident occurring in the first place.
In the end, regulatory compliance plays a big part in reducing your risk and increasing your insurability. “Our service validate what insurers are looking for to lower the price of your premium,” Zacharski said. “The services we offer use NIST 800-171 and ISO 27001 protocols—if you follow these, it will help drive down your risk and thus the cost of your premium.”
Source:
Robinson, Steve, “Cyber Market Update 2024 Q2,” Risk Placement Services