Issue link: https://resources.genetec.com/i/1031822
"In the future, this will likely evolve and change into a more IT knowledgeable, data driven, risk model for insurance. Once that happens, the ability to discuss beneficial treatment in the market will improve." © Genetec Inc., 2018. Genetec and the Genetec Logo are trademarks of Genetec Inc., and may be registered or pending registration in several jurisdictions. Other trademarks used in this document may be trademarks of the manufacturers or vendors of the respective products. Genetec Inc. genetec.com/locations info@genetec.com @genetec Security conversations with Hart Brown, Executive Vice President and COO at Firestorm Solutions Q: What factors do insurers take into consideration when pricing cyber insurance? i.e. what can companies do to reduce their premium? A: An extremely important part of the cyber insurance puzzle is how the insurers view actual IT ecosystems. This knowledge is still developing and evolving. Traditionally, the actuarial process involves reviewing a significant amount of data to create the risk model. In the case of cyber, the necessary data is not fully developed. So, the process of getting cyber coverage involves a relatively standard set of questions on general IT policies, management hierarchy, size of the IT infrastructure, and type of business. These components really do not have enough depth to develop an answer to why one organization is a better risk than another. For an organization to put themselves in a better position, it takes a few things to come together at the same time. It is possible, but, the organization must have someone in a position to educate the insurance broker on why the decisions and investments made are better than everyone else in the sector. The broker must be able to understand this information and be able to present it to the carriers. The carriers must be able to understand this and then review how it could change the premiums or the policy language. This is all keeping in mind that most of those in the insurance industry are not necessarily IT experts. So, at this time, it takes a few steps that not everyone is fully prepared for. However, if an organization is able to translate the cyber risk into a financial risk model, and is able to convey that information to the carrier, there is a much greater chance of being successful. In the future, this will likely evolve and change into a more IT knowledgeable, data driven, risk model for insurance. Once that happens, the ability to discuss beneficial treatment in the market will improve. Until then, the organizations need to develop and prove their systems are well developed in a meaningful way, they need to financially model and partner with educated, experienced cyber brokers who will in turn educate the carriers.