The launch of NAS Insurance’s Advanced Cyber Risk Report tool appears to be an important forward step in the battle against rising cyber insurance claims and costs.
The new tool gives brokers and agents information about a potential client before they’ve even sold them a policy; it provides brokers with a high-level understanding of the potential policyholder’s risk profile against some of today’s common cyber risks and enables them to educate clients on their risks with an outside and expert opinion.
“We assess the five vectors of a company’s public facing web environment: the domain security, network exposure, web application risk, web traffic encryption, and mail server security,” says Jeremy Barnett, senior vice president of marketing at NAS Insurance. “We don’t need access to a private secure environment to assess these things; they are all based on the potential client’s public web server that we can do an initial scan on, just to see how things are configured and where things exist.”
The report generates a score explaining how well the client is prepared for some of today’s cyber threats. Scores range from 0-100 with 0 being the worst score (those at the highest risk to cyberattack) and 100 being the best (those with a lower risk to a cyberattack).
“The overall score is calculated from combining and weighting the individual risk scores,” Barnett says. “Regardless of the score, everyone is susceptible to a cyberattack and therefore at risk to some degree. Even organizations with excellent cybersecurity programs experience data breaches.”
“Getting this information up front helps the broker sell, and be more informed about their clients and hopefully create a more constructive conversation in presenting cyber liability insurance rather than using third party information and headlines from the newspapers than can give a bit of insight upfront.”
As with everything cyber, the next new development is not far away. Barnett believes the next frontier of cyber protection will involve tools with the ability to assess clients’ privacy compliance. While there hasn’t been much regulatory involvement on privacy issues up until now, new laws being passed in various states, including the roll out of the California Privacy Protection Act in 2020, will likely lead to more regulatory bodies challenging companies on their privacy practices.
“Facebook is embroiled in an issue right now and the government is making threats to Amazon and Google about their potential monopolization of consumer data collection and usage,” Barnett says. “I think that the new frontier where cyber insurance will be of value is in regulatory protections, and using your insurance policy as a way of helping you become compliant with privacy laws.”