Boards Need to Stay Attuned to Changing Cyber Insurance Markets
Recent shifts in the way insurers are covering cyber risk may necessitate changes in many organizations' approaches to insuring this risk. And it's imperative that board members become more knowledgeable about how insurance market changes can affect their organization's coverage of those risks.
Our message is straightforward: organizations must elevate cyber risk to a board-level issue and apply the same discipline and governance that other critical risks receive. Boards must embrace their oversight role and include all key internal stakeholders, not just IT, in the cyber risk management process; engage in cyber event planning, training, and incident response rehearsals; and invest in both cybersecurity technology and insurance, based on quantified measurement of organizational cyber risk.
How can board members and C-suite executives take more ownership of cyber risk and ensure a strategic risk management framework is in place? How can they gain a more thorough understanding of their insurance programs and the protections these programs can offer? A good starting point is to ensure that they are having the right conversations with risk professionals about their organization's cyber exposures, and how their insurance programs will — or won't — respond.
We are entering a new era in the management of cyber threats. As insurance policies will increasingly either affirm or exclude cyber risk, it becomes crucial for board members and C-level executives to understand the potential threats facing their organization and to embrace a strategic risk management approach to combat them.