The two biggest questions that insurance brokers look to answer when providing policies for their clients are what level of risk the client faces and how much coverage they need to sufficiently mitigate that risk. This is even more true for cybersecurity insurance providers, where policyholders’ cybersecurity performance directly affects the likelihood, and resulting damage, of a catastrophic cyberattack. To date, the main way that organizations have demonstrated cybersecurity performance is with certifications, audits, and compliance, but that isn’t always reliable, especially given the complexity of today’s digital systems. If an organization holds an ISO 27001 certification from an audit performed 2 years ago, that certification isn’t necessarily indicative of current performance.
In the auto insurance industry, insurance providers have begun to implement data-gathering efforts through voluntary “safe driver” programs that use phone telemetry to determine how risky a driver is on the road. They offer lower premiums to drivers who can prove that they are steady-handed defensive drivers. We can apply this same logic to cybersecurity, where real-time and historical cybersecurity performance metrics can be correlated to demonstrate how well an organization practices fundamental cyber hygiene. The answer, in this case, is Cybersecurity Performance Management (CPM)™.
CPM is the process of evaluating an organization’s cybersecurity posture using past and present cybersecurity metrics. These cybersecurity performance indicators (CPIs) identify poorly performing processes, chart a path to an improved security posture, and reduce cyber risk. Cyber insurance brokers play a crucial role in helping organizations manage their cyber risk by providing cyber insurance policies that protect against financial losses resulting from cyberattacks, and with this insight those policies can be better tailored to suit each client’s needs.
We’ve written about cybersecurity performance management extensively in the past, specifically as it can be used for Performance Based Cyber Insurance™. For more about CPM, take a look here if you want a deeper dive.
The Importance of Cybersecurity Performance Management for Cyber Insurance Brokers
Cyber insurance brokers need to have a good understanding of their clients’ cybersecurity posture to provide them with the right insurance coverage. Without this understanding, brokers may not be able to accurately assess the cyber risk facing their clients and they may not be able to provide them with the right level of insurance coverage.
Cybersecurity Performance Management helps cyber insurance brokers evaluate their clients’ cybersecurity posture and identify areas of potential risk. By assessing their clients’ cybersecurity posture, brokers can recommend insurance policies that provide adequate coverage for their clients’ cyber risk. Since cybersecurity performance management helps brokers determine the effectiveness of their clients’ cybersecurity programs, it can be used to negotiate better insurance coverage terms and conditions.
In response to a dramatic uptick in catastrophic ransomware attacks beginning in 2019, insurance brokers have been wary of extending large coverage caps to even their biggest clients. Against this backdrop, as part of the recently released National Cybersecurity Strategy, the White House is looking to assess how it might construct a cyber insurance backstop to enable insurers to take on more risk.
Writing for the Wall Street Journal, David Breg posits that the ransomware crisis of the past few years has led to higher premiums and a minor narrowing of coverage, and recent cybersecurity trends don’t give underwriters reason to reduce prices or broaden coverage. As a response, insurance providers have continued to move away from self-attestation customer questionnaires and towards a data-driven approach that provides more substantial estimates of applicants’ risk profiles.
This proposal, along with the benefits provided by CPM, could give insurers the breathing room needed to expand their offerings and create a more robust and resilient marketplace.
How Cybersecurity Performance Management Helps Cyber Insurance Brokers
There are several ways in which CPM helps cyber insurance brokers:
1. Better Risk Assessment
Cybersecurity Performance Management helps cyber insurance brokers assess their clients’ cyber risk more accurately. By evaluating their clients’ cybersecurity posture, brokers can identify areas of vulnerability and determine the likelihood and potential impact of a cyberattack. This information can be used to better identify the risk and exposure of both the insurance provider and the policyholder, reduce claims, and minimize payouts and losses.
2. Improved Insurance Coverage
Cyber insurance policies can be complex, with various terms and conditions that affect the coverage provided. Cybersecurity performance management helps brokers understand the effectiveness of their clients’ cybersecurity programs, which can be used to tailor coverage to the areas where clients need protection most. This helps ensure that their clients are adequately covered.
3. Enhanced Claims Management
When a severe breach or ransomware attack gets past a policyholder’s defenses, cyber insurance brokers play a critical role in righting the ship through their support during claims management. With the insight provided by CPM, brokers can better identify the root cause of the attack and determine both the extent of the damage and what coverage the policy provides for that specific incident. This information can be used to facilitate claims management and help their clients recover from the attack more quickly.
4. Reduced Systemic Risk, Likelihood, and Impact of Cyber Attacks
Cybersecurity Performance Management can also help directly reduce cyber risk. With the insight provided by CPM and the incentive of lower insurance premiums, organizations have a financial incentive to continuously improve their cybersecurity posture. This improved cyber hygiene can help reduce the likelihood of an attack and minimize the potential impact of any successful attack.
It’s no secret that CPM has been making waves in the industry. For the past two years, CPM has been identified by Gartner as an emerging product category in their Hype Cycle for Cyber and IT Risk Management publication. CnSight, TDI’s flagship CPM product, won Gold in this year’s Cybersecurity Excellence Awards both as best Cybersecurity Performance Management Product and as the best Cyber Insurance Industry Solution. Cybersecurity Performance Management is critical for cyber insurance brokers in helping their clients manage their cyber risk, which is where CnSight comes in.
CnSight solves a number of today’s cybersecurity challenges. The biggest pain point we see in the industry is a critical lack of visibility into the day-to-day cybersecurity performance of security teams, which makes identifying gaps in security programs and appropriately funding security improvements challenging. CnSight addresses this by aggregating security data onto a centralized platform, fed via integrations with tools you already use, to provide performance-tracking metrics representative of your entire security posture. Understanding where your team’s current performance lies is critical in tracking the movement from “where we are” to “where we need to be.” CnSight does the hard part by centralizing the data from your vulnerability scanners, mobile device management platforms, cloud platforms, and other security tools that form the backbone of your security posture. You can schedule a demo here if you would like to learn more about how CnSight can help you manage your cybersecurity performance and reduce systemic risk in complex digital systems.