It is not often that a governmental entity lays bare the strategy for commercial success.
On February 4, 2021, the New York State Department of Financial Services (DFS) issued “Insurance Circular Letter No. 2 (2021)" to “All Authorized Property/Casualty Insurers” with the gentle title “Cyber Insurance Risk Framework.”
The letter outlined a cyber insurance risk framework to carriers in the hopes of helping stem the tide of cybersecurity incidents. DFS acknowledges the importance of cyber insurance and asserts that “cyber insurance plays a key role in managing and reducing cyber risk.”
We couldn’t agree more, and we’re not mad DFS shared the strategy because we’ve taken this approach since Coalition’s founding in 2017 when we shared our “(not so) secret master plan.”
DFS recognizes the need for a robust cyber insurance market and policies that can proactively and explicitly provide coverage for cyber risk. Towards that goal, DFS proposes their Cyber Insurance Risk Framework specifically targeting property and casualty insurance companies that delineates the “best practices for managing cyber insurance risk,” focusing on “a rigorous and data-driven approach to cyber risk” by cyber insurers.
DFS accurately states that without this ability to measure risk, cyber insurers can actually increase the chances of an incident as policyholders will rely upon their carriers instead of creating a robust cybersecurity program.
Cyber insurance is just as important — if not more so — than commercial general liability coverage in 2021. DFS expects the $3 billion cyber insurance market (2019) to jump to over $20 billion by 2025. These numbers don’t even include those cyber-related claims that are submitted under non-cyber insurance policies. We can confidently say Coalition meets all practices in the framework not only for ourselves but our customers.
Let’s explore each suggestion in the framework:
NY DFS is hoping to protect insurance carriers from taking on silent cyber risk while also giving them a blueprint to help reduce cyber crime and cyber risk for their policyholders. If an insurance carrier is not following this framework, they are putting their policyholders at risk.
This framework is not just good for carriers to review but for prospective insureds and broker business partners as well. They can leverage it while reviewing their carrier relationships to ensure that their chosen cyber insurance provider has the most appropriate cyber insurance coverage for their needs.
Coalition has been following this framework since day one. Our policy is explicit in its coverage for cyber risk, and our proprietary scans and security tools are specifically designed to evaluate the cyber risk of our insureds, prospective insureds, and even their service providers. We aggregate this data and additionally look at risk based upon industry, employee count, and various other metrics to determine what type of risk a company has and what steps can be taken to reduce their exposure.
One of the most amazing things that I’ve seen at Coalition was when we notified an insured of a potentially latent compromise on their network — basically, we discovered a hacker in their network who had installed malware that was silent but could be activated at any time to steal data. We got buy-in from their IT team to install an endpoint detection & response (EDR) solution that was able to literally detect and stop the attempted deployment of ransomware a week later.
This is a rigorous and data-driven approach to cyber insurance where Coalition continuously evaluates the risk of our insureds to help keep them incident-free. One of the things I say to my Insureds often, “It was great talking to you, but I hope we never talk again.”
Coalition is here for the good days and most certainly here for the bad days, where we can leverage our expertise to help get businesses back up and running as quickly and efficiently as possible.
I think one of the bigger parts of the framework is education. We cannot solve cyber risk on our own, so we have regular webinars and presentations for our policyholders and broker business partners. You can also reach out to our security and claims team with questions about your policy, how Coalition keeps your business safe, and if there is anything you should fix or remediate on your network even absent a security failure or data breach.
NY DFS has provided a foundational framework for how insurance companies should manage cyber risk and focuses on basic cyber hygiene and security risk management — which is exactly why Coalition has lower claims frequency, lower claim costs, and safer insureds than other insurance carriers in the marketplace.
Download the 2021 Coalition Cybersecurity Guide or Checklist for 10 simple steps you can follow to keep your organization safe and secure.