Are cyber insurance policies weighted too much in favour of the insurer, and do they devalue the security equation?
UK financial services body the Prudential Regulation Authority (PRA) has issued a warning to insurers regarding the risk of claims for damages arising from cyber-attacks on their customers. The PRA's recommendations include stress testing insurers' capability to respond to a large number of claims at once – no doubt inspired by the recent WannaCry and NotPetya attacks.
Following a year-long consultation, the PRA has set out what it expects from insurers that underwrite cyber-related losses. This includes introducing measures to reduce “unintended exposure to risk” such as raising premiums and having robust exclusions as well as specific limits for the cover offered. This got us here at SC Media UK wondering whether cyber insurance policies are weighted too much in favour of the insurer rather than the insured, and just what the security industry makes of it all, not least whether cyber insurance adds value to the security equation or devalues it.