New York Issues Cyber Insurance Framework
Early this month, New York’s Department of Financial Services, the regulator for banks and insurance companies, issued guidance on cybersecurity insurance.
Unfortunately, the guidance was not to insurance customers; it was for insurance companies.
The regulator is concerned that big breaches may cause insurance companies to go out of business.
DFS advised insurers against paying ransoms, in part because they may run afoul of new Treasury Department regulations that consider those payments aiding terrorists.
Insurance companies had to pay out almost $3 billion after the Not Petya attack for policies that didn’t say anything about cyber events.
DFS wants insurers to consider 7 specific practices. These practices are designed to help insurers understand risk, set prices and control payouts.
None of this helps clients.
Attacks like SolarWinds may cause insurers to exclude coverage to companies who bought insurance to get coverage.
ONE THING THAT CARRIERS ARE DOING IS MAKING COMPANIES COMPLETE SECURITY QUESTIONNAIRES AND IF THEY DON’T LIKE THE ANSWERS, THEY ARE EXCLUDING CERTAIN COVERAGES.
All this means that it is even more important than ever to have an insurance agent who is specifically knowledgeable in cyberrisk insurance.
Credit: CSO Online