Cyber insurance enables organizations to enhance risk management, business continuity, and data breach recovery
Cyber insurance has come a long way since the 1990s, when you could count the number of insurers on a few fingers. Today, most liability insurance companies offer cyber insurance in response to the growing number and variety of risks to our extensive digital assets. And as cyber insurance has become more common, policies can now be tailored to client needs and may be more affordable as well. 
However, navigating the cyber insurance landscape can be daunting, with complicated questionnaires, lengthy coverage and rate negotiations, and even special tools or processes that may be necessary to identify and obtain the coverage most suitable for your organization.
How Cyber Insurance Has Evolved
Cyber liability policies have slowly evolved from the riders and endorsements of the 1990s, to general commercial liability policies, to standalone cyber insurance policies. Twenty years ago, the terms of most commercial liability policies prohibited cyber liability coverage for data breaches and resulting damages, according to an article in CLM Magazine.
Today, organizations have a broad choice of policies that can include coverage for the costs arising from a data breach. Organizations can even purchase coverage for costs associated with assembling a breach team, breach notification communications, data monitoring, forensic investigations, and interruption of business operations, as a few examples.
Not only have new risks and vulnerabilities influenced the evolution of cyber insurance, but new technologies have also driven changes. For example, the widespread adoption of cloud technology and the Internet of Things spurred significant changes in cyber insurance. As the article notes, cloud technology poses a unique concern for cyber insurers because most cloud service providers are data aggregators serving numerous clients, and an attack in this environment could incur large-scale data breach losses and business interruptions for multiple organizations simultaneously.
Today, Scores of Cyber Insurance Providers Offer Options
Last year, Reinsurance News published a table listing the top 20 property and casualty insurance carriers who provide cyber insurance in the U.S.. The companies are ranked by total standalone and packaged cyber insurance direct premiums written in 2022.
- Four companies offered 100% standalone cyber insurance policies, including Fairfax Financial (USA) Group, XL Reinsurance America Group (AXA XL), Sompo Holdings US Group, and Swiss Reinsurance Group. None of these companies provided cyber insurance packaged with other coverage.
- Five companies offered 90% to 99% standalone cyber insurance policies, including American International, Randall Group, Beazley USA, Nationwide, and Arch Insurance Group.
- The top five companies offering cyber insurance packaged with other coverage included Chubb (100%), CNA Insurance (87.9%), Hartford (85%), Ascot Insurance (55.7%), and Liberty Mutual (50.2%).
In addition, AIG, AXIS, Hiscox, Munich, Travelers, Zurich, and others offer a variety of cyber insurance solutions. And beyond these options, many smaller insurance companies provide cyber insurance and are well worth exploring.
New Cyber Insurance Program for HITRUST-Certified Organizations
HITRUST assesses and certifies organizations in the adoption of the HITRUST CSF, a comprehensive, scalable, efficient framework for information risk management, cybersecurity, and regulatory compliance. HITRUST is the leader in enterprise risk management, information security, and compliance assurances. The proven framework (certified organizations have a breach rate of only 0.64% over two years) helps organizations all over the world, in any industry or sector, earn the trust of stakeholders by demonstrating their commitment to widely accepted information security standards.
In a May 16, 2024 press release, HITRUST announced a groundbreaking partnership with Trium Cyber, a specialty insurance underwriter backed by Lloyd’s of London. This collaboration introduces a new cyber insurance product exclusively for HITRUST-certified organizations, setting a new standard in the alignment of information risk assurance and insurance underwriting, according to the announcement.
This innovative insurance product is designed to address the growing complexities and inconsistencies in the cyber insurance market. The press release notes that organizations seeking insurance face increasing challenges in qualifying, fluctuating rates, and a burdensome application process. And insurers have struggled to accurately understand and underwrite cyber risks due to inadequate and non-standardized assessment approaches.
Initially, organizations who have been assessed and certified to HITRUST r2 requirements will have access to the special offering from Trium. The HITRUST Risk-Based 2-Year Assessment (r2) offers the highest level of security assurance within the HITRUST Framework, enabling Trium to deliver insurance that more accurately reflects risk and moving away from traditional, often inadequate underwriting methods, according to the release.
The collaboration between HITRUST and Trium Cyber marks a significant step forward in aligning cybersecurity assessments with real-world insurance needs as essential tools for effective risk management.
Summary
Cyber insurance solutions have come a long way since the 1990s. Today, any organization can take advantage of a multitude of cyber insurance options, which are available from dozens of insurance companies either bundled with other coverage or as standalone policies. With so many choices, selecting the right provider and the right coverage can be challenging in terms of complicated application forms, lengthy negotiations, and fluctuating rates.
HITRUST has removed some of the complexities and streamlined the process by partnering with Trium Cyber to offer an exclusive cyber insurance product to HITRUST-certified organizations.
Others can obtain expert assistance in navigating the cyber insurance landscape, and in identifying suitable cyber insurance products, from cybersecurity consulting firms such as 24By7Security. Our extensive cybersecurity advisory services encompass many risk management tools, best practices, and compliance requirements. Additionally, organizations interested in adopting the proven cybersecurity standards of the HITRUST CSF can find expert assistance through our HITRUST Readiness services. Contact us today for a complimentary consultation.
