When it Comes to Incident Response, is Your Cyber Insurance Carrier on Your Side?
You know, I really feel for security leaders and professionals. After a year of pandemic-related disruption and an uptick in ransomware and serious cyberattacks of all kinds — just as they’re firming up their policies and strategies to secure hybrid work for the foreseeable future — they get hit with an all-out assault of ransomware attacks. It’s a very stressful time for an already very stressful role. Recently, I spoke with a longtime client and security leader who said candidly, “I feel like I’m just weeks away from a disaster.”
Cybersecurity ‘First Responders’
When natural disasters strike, first responders rush to the scene. In the aftermath, homeowners turn to their insurance carriers to help them pick up the pieces. Although the process is often onerous, most homeowners are able to rebuild. When a cyberattack occurs, incident responders are deployed to contain and isolate the crime scene, trace the criminals’ steps, and limit the damage. If it’s a ransomware attack, this process may take longer and require more resources and decisions — many of which may be dictated not by a company’s security leader or senior executives but by the insurance carrier. To ensure an insurance claim can be made in the aftermath of a breach or attack, many cyber insurance carriers are now requiring involvement in every step of the incident response process, including ransomware negotiations and payment decisions.
This is a natural reaction from an insurance sector that’s in its relative infancy. Cyber insurers lack the decades of historical loss data and analytics found in more mature sectors, like property and casualty, yet they’re faced with rapidly increasing demand for coverage. Some insurers may even drop ransomware coverage for select industries or geographies, as AXA just did in France, in an effort to cut the flow of cash to attackers who bank on payments and to shore up losses. For this insurance sector to survive, it needs to establish some ground rules, some of which may increase the difficulty of obtaining coverage or filing a claim.
Practicing Incident Response and Crisis Management Plans
So, where does this leave security leaders and their teams? That’s the focus of research Heidi Shey and I just kicked off. As anxiety about cyberattacks continues to rise, organizations are reviewing, revising, and rehearsing their incident response and crisis management plans with renewed fervor. A thorough understanding of the details of cyber insurance coverage is critical. This research will lay out a set of cyber-insurance-related considerations that security leaders and their executive teams should discuss as they assess their readiness for and response to a disaster in the form of a breach or attack.
Are you interested in participating in this research? We’re interviewing security leaders, incident response service providers, law firms providing incident and crisis management external counsel, and cyber insurance carriers. Please reach out to Senior Research Associate Melissa Bongarzone for more information.
And for more from Forrester on cyber insurance, check out this blog post from my colleagues Heidi Shey, Alla Valente, and Ellen Carney: The Cyber Insurance Roller Coaster: As Demand Speeds Up, Some Insurers Disembark