Insuring Cyber Podcast: What the ‘New Normal’ Means for Cyber Insurers, Coverage

More than a year has passed since pandemic-related government restrictions began, causing many businesses around the world to shift their workforce to remote.

With increased reliance on technology, new work environments and greater use of at-home devices and networks in some cases, experts say cyber risks have grown as criminals find ways to exploit user data and gain access to passwords and systems.

As a partial return to normal is sought by many, more than 806 million vaccine doses have been administered worldwide, according to New York Times data at time of publication. However, increased cyber risks due to the COVID-19 driven work from home environment are likely here to stay.

At least, that’s what Jerry Ray indicates in this episode of The Insuring Cyber Podcast. Ray is the Singapore-based chief operating officer of enterprise data security and encryption business, SecureAge.

“Regardless of people going back into the office or not, so many changes have taken place in both the security infrastructure that’s had to be built around work from home, as well as employees’ habits and practices,” he says.

Ray says that compounding the issue are challenges some companies face when understanding their own cyber risk and finding the right insurance coverage.

“It’s very hard for companies to appreciate their own risk,” he says. “I see many companies not opting in or not considering policies the way they should simply because they can’t gauge the extent of their own exposure.”

He says more of a unification of language and available coverage across cyber insurance policies could be a solution.

“A homeowners policy or auto insurance [policy] is very simple for people to understand what those are,” he says. “They can look across three or four different providers and have a sense of the questions that’ll be asked, the type of coverages that are provided.”

Later in this episode, Tim Francis, enterprise lead for cyber insurance at insurance company Travelers, says he believes work from home cyber risks didn’t become as big of a problem as was thought near the pandemic’s onset. However, he says the challenge is cyber issues that did arise still persist a year later.

“Everybody’s working environment is different in terms of how they’re doing this,” he says, adding that insureds need to be adapting their cyber incident response plans as a result.

“If you had an incident response plan, and you tested it, but you haven’t tested it in light of potentially and likely new working arrangements, you ought to do that too,” he says. “Would that same incident response plan that you had in place pre-COVID work in a post-COVID working arrangement?”

For insurers, he says it’s good practice to make sure the insurance that clients are purchasing works for their risk transfer objectives and to take a look at the exclusion language in light of a work from home context.

“While it’s, I think, unlikely that there might be some exclusions in place that apply, it’s important to look at that,” he says. “Does the definition of a computer system or employee work in the context of a work from home environment? And so, the agent can help guide the customer through that, and frankly, ought to be guiding the customer through that.”

Check out the rest of this episode to hear what else Jerry and Tim have to say, and be sure to check back for new episodes that publish every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.