What can be done to close the cyber coverage gap?

What can be done to close the cyber coverage gap? | Insurance Business America

What can be done to close the cyber coverage gap?

Despite a growing awareness of cyber threats, businesses – especially small ones – remain underinsured in this area.


Brian Thornton, CEO

“There are a few areas we can focus on to close the cyber coverage gap. Insurers can continue to focus on affirmatively covering or excluding cyber in all policies to help reduce gaps and overlaps. Staying on top of changing exposures and being able to better educate clients about their specific exposures and what coverages are available in the market will be critical. Lastly, there are a lot of valuable pre-breach and post-breach risk management services, including software as a service, that should not be overlooked, as these can reduce risk and the likelihood of a claim.”

Kelly Castriotta, North American regional head of product development, financial lines
Allianz Global Corporate & Specialty

“Two issues dominate: companies that don’t view insurance as an effective risk mitigation tool for cyber incidents and companies that buy the wrong products.  On the first point, get both the CISO and risk manager talking to the insurance team to break the silos of purchasing insurance. Second, cyber insurance was viewed as a gap-filler, and that paradigm needs to shift. The product has grown from managing exposure from web content to a privacy security tool to protecting businesses from supply chain interruptions and attacks on critical infrastructure, and it can provide a host of services to manage such attacks.”


Graeme Newman, Chief innovation officer
CFC Underwriting

“It’s not a coverage gap; it’s an awareness gap. People don’t tend to purchase a new line of coverage until they have experienced an event themselves or seen it happen to someone close. The media focuses on large events affecting well-known businesses because that’s what makes headlines. Thus, some infer that cybercrime is something that only affects large businesses. Most businesses are targeted not because they are valuable, but because they are vulnerable. Most small businesses don’t have the resources to protect themselves and therefore are hit more often than large businesses; it just doesn’t make news.”