Once corporations became targets of cyber attacks, providing insurance to cover damages to computer infrastructure and business processes was inevitable. But as attacks have escalated in scale and nation-state hacking has become more prevalent, the cost of breaches and restoring operations have also.
What began several years ago as a simple questionnaire on cybersecurity coverage today has evolved into detailed requirements for data hygiene, audits, and IT infrastructure. Simply put, cybersecurity insurance companies can’t treat someone who negligently operates their network the same as someone who invests millions in third-party audits.
Thus cloud service providers, the likes of AWS, Microsoft, and Google, hope to help provide more transparency to insurance companies. This results in better coverage for the client, and lower costs. Maintaining a sustainable cyber insurance market is the goal.
Customers can choose to rely more heavily on cloud-provided services, or work with approved partners to help assess risk and increase security and compliance.
Cybersecurity Data Informing the Policy
Cybersecurity insurance policies surged 79% within the last year, according to Protocol. Coverage has tightened, and protection from nation-state attacks or cyber war conflicts is now largely up for debate for coverage.
High-risk sectors such as critical infrastructure or healthcare remain the most difficult to provide coverage for. Cybersecurity insurance has become harder to obtain and more expensive, according to the report.
Adopting zero trust architecture is part of the actions companies can take to help lower cyber exposure and decrease premium costs. Google Cloud announced the Risk Protection Program and Cloud Protection as a private preview in March 2021.
Cloud service providers can take data points about a customer’s cloud architecture and generate a security score. This score can be optionally shared with an insurance firm to help write a policy and formulate cost.