Cyber Insurance: What Are You Missing?

April 1, 2017

It’s been nearly two years since we addressed cyber insurance in the Cyber Tactics column, so I decided to get an update from Bob Parisi, Managing Director at Marsh. Parisi is a pioneer in the industry, having written some of the very first cyber insurance policies in the late 1990s.

Steven Chabinsky: The cyber insurance market seems to be growing by the day. Still, when clients come to you, do you think they have a good sense of all of the coverage options that are available?

Bob Parisi: I would like to think that, as an industry, we’ve made everyone aware of all the coverage options out there. That said, two areas of coverage tend to be lesser known. First, many companies don’t realize that there’s cyber insurance for direct or first party loss. This covers lost revenue due to an interruption of your own computer system, whether because of a data breach or because the underlying technology simply failed to work. Second, there’s coverage for contingent business interruption, known as CBI, and for service interruption. CBI is an interruption that results not because of a failure of your systems, but due to a vendor’s failure. Service interruption, well that’s a bit narrower, it covers failures of a utility or an internet service provider.

Steven Chabinsky: Are there any major privacy or technology risks that still are hard to insure or are outright not insurable?

Bob Parisi: Reputational harm remains very difficult to insure. Since it’s impossible to place a discrete value on reputation, it’s equally hard to calculate the value of a change in reputation. Also, insuring a lost trade secret remains a problem. Trade secrets are not treated the same way as other corporate assets and typically are not assigned a financial value. Added to that, insurance markets feel there’s an implicit moral hazard since insureds could be motivated to artificially inflate the value of their own trade secrets.

Steven Chabinsky: What do brokers do when it comes to helping clients with cyber insurance?

Bob Parisi: Well, in my experience the best brokers aren’t merely helping their clients place insurance, they’re helping their clients better understand their specific risks and their options for handling those risks. Although cyber risk can’t be solved simply by throwing money and technology at the problem, it’s equally true that it can’t be solved simply by transferring risk though insurance. The best brokers actually can help their clients conduct a cyber maturity assessment that relates to the spectrum of threats and the range of harms they face. They provide clients with a process, which empowers the client to make more informed decisions on how to handle that risk, be it through insurance or another approach. Brokers are available to help guide or, at a minimum contribute to, a company’s risk mitigation process.

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Cyber Insurance: What Are You Missing?

Recent Articles by Steven Chabinsky

Who's Responsible for Cloud Security?

Clear, Purge & Destroy: When Data Must be Eliminated, Part 2

Clear, Purge & Destroy: When Data Must be Eliminated

Bug Bounty Programs: An Emerging Best Practice

Managing Supply Chain Risk

Security Magazine

2020 October

Cyber Insurance: What Are You Missing?

Recent Articles by Steven Chabinsky

Related Articles

Report Abusive Comment