How can cyber insurers build muscle to tackle privacy risks? | Insurance Business America
This article was produced in partnership with LOKKER.
Forewarned is forearmed.
A leading voice on data privacy protection is urging those who do business online, and those who insure them, to address the threats before they happen.
Jeremy Barnett (pictured), chief commercial officer for LOKKER, knows that privacy threats are growing and that insurers can play a key role in helping their clients comply with new privacy laws.
Five states (California, Utah, Colorado, Virginia and Connecticut) have enacted laws to protect consumer data in their respective areas. And the House of Representatives’ Committee on Energy and Commerce has held hearings on data privacy with the intention of trying to shape a possible federal data privacy law, which is bringing more attention to the issue.
Insurers are also giving the issue more attention, especially as the recent wave of class action lawsuits and regulatory actions are hitting their cyber books.
Cyber Underwriting to Consider Privacy Risks
“Applications for cyber insurance can be updated to include a few key questions about the applicants’ awareness and preparedness for privacy compliance,” Barnett suggested.
This can mean answering important questions on the cyber insurance application, such as:
- Do they have a data privacy officer?
- Do they use a consent manager platform/cookie consent on their website?
- Do they have tools to monitor/manage third-party applications on their web properties?
“Just as insurers evolved cyber underwriting with intelligent tools,” remarked Barnett, “new insurtech is available to help teams assess privacy risks, as well.”
Privacy Risk Management
Cyber insurers have been integrating innovative tools and consulting services to help their policyholders stay ahead of cyber threats. Whether through partner law firms offering incident response planning or proprietary security monitoring tools, cyber risk management continues to evolve from MGAs and traditional carriers.
“The ‘tabletop exercise’ time and again has proven valuable to organizations of every size, ,” Barnett said.
“To address emerging privacy risks, carriers and their policyholders should conduct a privacy tabletop exercise, as well as create a privacy incident response plan to complement the broader cyber tabletop and incident response plan,” Barnett said. “The GC, Privacy team, IT and Marketing teams need to understand the data privacy risks and how to get ahead of them.”
As the plaintiff attorneys are emboldened by recent class actions lawsuits, federal regulatory actions, and aggressive state privacy laws, cyber insurers are dealing with a rash of new data privacy-related claims. Updated training on privacy regulations and compliance requirements is required to help the teams get ahead of the privacy risks. New privacy insurtech will help underwriters as well as the claims teams. “With better intelligence about a policyholder’s website, privacy threats can be identified and mitigated,” remarked Barnett. “The defense council and claims leaders need better intel to challenge the plaintiff’s attorneys alleging that customer data was exposed or shared.”
The best defense is a good offense - when it comes to privacy risk management, be proactive.
“A key benefit of cyber insurance for a policyholder is access to state-of-the-art tools that help avoid an incident,” Barnett said. “For privacy risks, carriers should be offering their insureds tools that can mitigate online privacy threats.
Many new companies, including LOKKER, are developing tools to help insurers underwrite privacy risks with greater intelligence and provide claims teams with advanced technology to monitor and mitigate these threats.
For more information about LOKKER please visit https://lokker.com