Will CrowdStrike change cyber insurance?

Cyber insurance underwriting and premium metrics have been evolving since the inception of the first cyber insurance policy in 1997, even though the name "cyber insurance" hadn't been adopted at that time. As Warren Buffet pointed out in May, the ever-changing cyber threat landscape means that underwriting metrics and premiums will continue to adapt.

The recent CrowdStrike incident highlights how a single, widely used security tool being compromised can lead to a widespread event. From an insurance perspective, how would you assess a potential incident that could affect all of your insureds simultaneously, assuming the policy covers such an event?

This brings us to another important aspect of cyber insurance: not all policies are created equal. For instance, Business Interruption Coverage is not universally included in all cyber insurance policies; some may even explicitly exclude it. Understanding what your policy covers and what it does not is crucial. This knowledge should be integral to developing your Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP), as it plays a significant role in expediting recovery and ensuring ongoing operations.

Not knowing what your cyber policy covers is akin to having a first aid kit and being unaware of its contents.

To eliminate guesswork, it's essential to have a security and insurance solution tailored to your business by experienced professionals. Guardz offers a comprehensive, professionally crafted solution that aligns with your business needs and risks, ensuring that your security and insurance strategy is well-suited to your specific requirements.