When it comes to incident response, is your cyberinsurance carrier on your side?


Just as security leaders and pros are firming up their policies and strategies to secure hybrid work for the foreseeable future—they get hit with an all-out assault of ransomware attacks.

Abstract Malware Ransomware virus encrypted files with keypad on binary bit red background. Vector illustration cybercrime and cyber security concept.

Image: iStockphoto/nicescene

More about cybersecurity

After a year of pandemic-related disruption and an uptick in ransomware and serious cyberattacks of all kinds—just as security leaders and professionals are firming up their policies and strategies to secure hybrid work for the foreseeable future —they get hit with an all-out assault of ransomware attacks. It’s a very stressful time for an already very stressful role. Recently, I spoke with a longtime client and security leader who said candidly, “I feel like I’m just weeks away from a disaster.” 

When natural disasters strike, first responders rush to the scene. In the aftermath, homeowners turn to their insurance carriers to help them pick up the pieces. Although the process is often onerous, most homeowners are able to rebuild. When a cyberattack occurs, incident responders are deployed to contain and isolate the crime scene, trace the criminals’ steps and limit the damage. If it’s a ransomware attack, this process may take longer and require more resources and decisions—many of which may be dictated not by a company’s security leader or senior executives but by the insurance carrier. To ensure an insurance claim can be made in the aftermath of a breach or attack, many cyberinsurance carriers are now requiring involvement in every step of the incident response process, including ransomware negotiations and payment decisions. 

This is a natural reaction from an insurance sector that’s in its relative infancy. Cyberinsurers lack the decades of historical loss data and analytics found in more mature sectors, like property and casualty, yet they’re faced with rapidly increasing demand for coverage. Some insurers may even drop ransomware coverage for select industries or geographies, as AXA just did in France, in an effort to cut the flow of cash to attackers who bank on payments and to shore up losses. For this insurance sector to survive, it needs to establish some ground rules, some of which may increase the difficulty of obtaining coverage or filing a claim. 

So, where does this leave security leaders and their teams? That’s the focus of research Forrester just kicked off. As anxiety about cyberattacks continues to rise, organizations are reviewing, revising, and rehearsing their incident response and crisis management plans with renewed fervor. A thorough understanding of the details of cyberinsurance coverage is critical. This research will lay out a set of cyberinsurance-related considerations that security leaders and their executive teams should discuss as they assess their readiness for and response to a disaster in the form of a breach or attack. 

This post was written by Senior Analyst Jess Burn, and it originally appeared here

Also see