It’s an annual event – the enterprise risk management team or the CFO reaches out to the CISO or CIO when it’s time to renew cyber insurance coverage. They ask for the same information as last year:
- What type of coverage do we need?
- What’s the right amount to buy?
Basic questions but still very difficult for many organizations to answer because fundamentally, they are questions about cyber risk, and that’s still a foreign language for the cybersecurity profession, by and large.
Cybersecurity specialists can talk about vulnerabilities, threats, and the maturity of their controls environment, but they don’t have the conceptual models or the tools to talk risk in terms of loss events with a probable frequency of occurrence and size of financial impact. Without that toolset they can’t effectively advise on what risks are worth mitigating with controls or transferring to insurance.
The emergence of the FAIR cyber value-at-risk model and new cyber risk quantification software changes that annual conversation. Buyers of cyber insurance can now hold informed discussions with insurance brokers, based on a clear understanding of risk on a par with the rest of enterprise risk management.
That breakthrough led to the formation of the Cyber Insurance Workgroup of the FAIR Institute composed of cyber insurance buyers and sellers and law firms advising companies on their cyber liabilities.
The goal of the workgroup was to identify the ways in which use of the FAIR model can optimize the discussions around cyber insurance coverage. After all, a buyer doesn’t want to end up with the wrong product that doesn’t cover actual risks while a broker might find it difficult to sell the right amount of insurance without the customer having a true appreciation of the possible risk.
The Cyber Insurance Workgroup will present a white paper "Improving the Cyber Insurance Underwriting and Buying Process" at the upcoming FAIR Conference 2018. Also featured at the conference: A real-life analysis by cyber insurance buyer and FAIR user Express Scripts.
If you are a seller or buyer of cyber insurance, attend the FAIR Conference to learn how FAIR is taking the guesswork out of cyber insurance
Contributing Cyber Insurance Workgroup members include:
Chip Block, Vice President, Evolver Inc.
Cody Whelan, Risk Consultant, RiskLens
Bob Parisi, Managing Director, Marsh
Arthur Hsu, Lead Product Manager, Marsh
Indrajit (Indy) Alturi, Information Security Manager, HIPAA Security Officer, ProPath Services LLC
Trish Carreiro, Associate, Axinn, Veltrop & Harkrider
Brooke Oppenheimer, Attorney, Axinn, Veltrop & Harkrider LLP
Samuel Tashima, Associate Director & Actuary, Aon
Geoji Paul, Director of Information Security, Express Scripts