Move Over: The Impact of MOVEit on Cyber Insurance Risk Assessment

The Impact of a $15 Million Cyber Insurance Payout on Insurers

Introduction

In a recent Security and Exchange Commission (SEC) filing, Progress Software, the company responsible for the MOVEit file transfer software that has been used to breach numerous major organizations, stated its intention to fully collect on its $15 million cyber insurance policy. This significant payout raises questions about how insurers will approach their businesses moving forward. With class action lawsuits, fines, and a damaged brand reputation, it is undeniable that Progress Software will require millions to cover its losses. In addition, Progress Software was already collecting on a previous insurance claim related to a separate incident in November 2022, unrelated to the MOVEit ransomware campaign.

Higher Premiums and Reduced Coverage

The cyber insurance industry lacks historical data and well-established risk models comparable to other types of insurance, such as car or home insurance. As a result, insurers are regularly adjusting their “risk appetite.” Mark Millender, senior advisor for global executive engagement at Tanium, argues that sizeable payouts like the one Progress Software is seeking will drive up premiums and lead to stricter requirements for coverage across the cyber insurance ecosystem. Millender explains that as loss ratios increase and profitability declines, insurers become less tolerant of risk and need to increase revenue through higher premium charges. Moreover, renewing policies after a claim, especially a significant one like Progress Software’s, will become more challenging. Insured companies will face increased scrutiny during the renewal process, with their ability to renew depending on factors such as their claim experience, general cybersecurity defense posture, and how they addressed the incident.

Changing Landscape of Cyber Insurance

The cost of cyber insurance policies has been rising, with coverage becoming narrower. According to a report from Delinea on the state of the cyber insurance industry, two-thirds of surveyed companies experienced a 50% increase in cyber insurance premiums over the past year, coupled with reduced coverage. Additionally, 80% of companies reported submitting at least one claim in the past year. Bud Broomhead, CEO at Viakoo, points out three factors driving the growth of the cyber insurance market: expanding liabilities from cyber breaches, greater accountability for breaches among boards and senior management, and cyber insurance acting as a “forcing function” to maintain cybersecurity posture. Broomhead predicts that as the cyber insurance market matures, these factors will evolve, but the overall result will likely be a continued trend towards more expensive policies with less coverage. However, as insurers refine their risk evaluations, premiums should eventually stabilize.

Improved Communication and Collaboration

In response to heightened scrutiny of clients’ risk profiles, cyber insurers are now engaging in closer communication with cybersecurity teams. This trend towards greater cooperation between insurers and policyholders is expected to be amplified by the Progress Software situation. Dara Gibson, cyber insurance services leader with Optiv, explains that cyber insurers are actively engaging with cybersecurity teams, fostering a collaborative effort. This closer collaboration aims to develop a shared understanding of what constitutes effective cybersecurity. It is incumbent upon enterprise teams to conduct their own risk assessments and ensure that their internal policies cover their entire attack surface. Bud Broomhead emphasizes the importance of ongoing risk assessments, highlighting that both threat vectors and cyber insurance policies are in constant evolution.

Editorial: The Growing Significance of Cyber Insurance

The Value of Cyber Insurance

In today’s digital age, where organizations face an ever-increasing risk of cyberattacks, cyber insurance has become an essential part of every company’s risk management strategy. The ability to transfer financial liabilities resulting from cyber incidents to insurance providers offers a safety net and allows businesses to mitigate potentially catastrophic financial losses. However, as cyber threats evolve and large payouts become more frequent, the nature of cyber insurance policies is evolving as well.

Safeguarding Against Cyber Risks

As cyber insurers adjust their risk appetite and increase premiums, it is crucial for organizations to reassess and improve their cybersecurity defenses to reduce the likelihood of incidents. In an environment of heightened scrutiny from insurers, implementing robust security measures can help companies maintain favorable insurance terms, coverage, and premium rates. This necessitates a comprehensive approach that includes regular risk assessments, gap analysis, and the implementation of industry best practices in cybersecurity.

The Need for Collaboration

The Progress Software case highlights the growing collaboration between cyber insurers, cybersecurity teams, and insured organizations. By engaging with cybersecurity teams and gaining a deeper understanding of “good” cybersecurity practices, insurers can better assess risk and tailor coverage accordingly. This collaboration presents an opportunity for insured organizations to leverage their insurers’ expertise and guidance to enhance their cybersecurity posture. It also signifies a shift in the insurance industry’s approach from being solely reactive to becoming proactive partners in risk management.

Advice: Navigating the Changing Cyber Insurance Landscape

1. Evaluate Coverage Needs

Given the evolving landscape of cyber insurance, it is imperative for organizations to regularly reassess their coverage needs and policy terms. Evaluate whether the existing coverage adequately protects against potential cyber risks and if the premiums remain competitive. Engage with insurance brokers, cybersecurity experts, and legal counsel to ensure a thorough understanding of the policy terms and potential coverage gaps.

2. Strengthen Cybersecurity Defenses

Invest in robust cybersecurity measures tailored to the organization’s specific risks and requirements. Regularly assess and update security protocols, conduct vulnerability assessments and penetration tests, and stay informed about emerging threats. Demonstrating a proactive approach to cybersecurity can help negotiate favorable policy terms and premiums during the renewal process.

3. Foster Collaboration with Insurers

Proactively engage with your insurer to build a collaborative relationship. Leverage their expertise to gain valuable insights into risk assessments, loss prevention strategies, and incident response planning. Regularly communicate with insurers to keep them informed about cybersecurity improvements and demonstrate a commitment to maintaining a strong defense posture.

4. Stay Informed and Adaptive

Maintain awareness of evolving cyber risks and insurance trends. Stay updated on the latest cybersecurity frameworks, industry standards, and best practices to enhance risk management capabilities. Continuously monitor the cyber insurance market to identify emerging coverage options that align with the organization’s evolving needs.

Conclusion

The significant cyber insurance payout sought by Progress Software will likely have a ripple effect on the wider insurance industry. Insurers will likely adjust their risk evaluations, leading to increased premiums and reduced coverage for policyholders. Furthermore, insurers will closely scrutinize insured organizations during the renewal process. As a result, organizations must prioritize strengthening their cybersecurity defenses, engaging in collaboration with insurers, and regularly evaluating their coverage needs in this ever-changing landscape of cyber threats and insurance.