Cyber insurance is not a luxury anymore.

According to the study by PWC most of the cyber insurance providers quote the customers based on a simple set of self-declaration questionnaires to determine the cyber risk level for the customers. The questions asked by the insurance companies cover various topics including but not limited to industry segment, business size, revenue, compliance with industry-specific standards as well as technical measures related to the cyber assets of the customer. The risk assessment questionnaire does not assess the cyberinfrastructure of the client to be able to determine a quantitative and measurable index for the robustness of the IT infrastructure against cyber-attack.

The technical assessment by the insurance companies is limited to a few simple questions such as encryption of the data and the intrusion detection system (IDS) deployment. This approach towards technical assessment will fail to address the risk associated with the complex cybersecurity space. Cyber risk is not static, and it is a dynamic value and it is changing on a daily basis. The ability to continuously monitor and audit the cyber risk level of the customer is a more comprehensive approach that can benefit both customers and insurance companies. Coverage provided by cyber-insurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks.

Cyber Insurance advantages:

Cyber-insurance is enormously beneficial in the event of a large-scale security breach. Insurance provides a smooth funding mechanism for recovery from major losses, helping businesses to return to normal and reducing the need for government assistance. In addition, insurance allows cyber-security risks to be distributed fairly. This avoids potentially dangerous concentrations of risk.

Cyber insurance coverage types:

The main points which can be covered through cyber insurance are listed in the following:

Network Security: Insurance against cyber attacks and hacking attacks.

Theft and fraud: Covers destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.

Forensic investigation: Covers the legal, technical or forensic services necessary to assess whether a cyber attack has occurred, to assess the impact of the attack and to stop an attack.

Business interruption: Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber event or data loss.

Extortion: Provides coverage for the costs associated with the investigation of threats to commit cyber attacks against the policyholder.

Reputation Insurance: Insurance against reputation attacks and cyber defamation.

Computer data loss and restoration: Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software or other information destroyed or damaged as the result of a cyber attack.

Information Privacy: Covers organizational liability(ies) arising from actual or alleged non-compliance with any worldwide cyber, information privacy, or identity-related regulation, statute, or the law.

Cyber coverage challenges:

Despite the scale of the opportunity, providing cyber insurance is not without its complications. While most insurance products are based on decades of actuarially sound, aggregated, and shared data, cyber insurance is more risky. Not only is this type of insurance far newer, but the information surrounding associated risks and vulnerabilities is also more fragmented. One way that insurers can better understand and price for cyber risks is through the GDPR regime, which compels certain firms to make mandatory declarations of data. However, the extent to which insurance companies will obtain access to this disclosed GDPR data, both now and in the future, is not currently clear.

Assessing the risk of and coverage against digital threats is also difficult, with many insurers challenged by the complexities of pricing cyber insurance products. There is also uncertainty in the market as to whether businesses have coverage against cyber attacks as part of current policies, and if so the degree of coverage provided.

Another factor to consider is that, as businesses in possession of significant volumes of highly sensitive customer data, insurance companies are themselves prime targets for cyber attacks. As insurers transform legacy systems and manual processes to become more reliant on new technologies and platforms, the corresponding risk of attack and need for cybersecurity grows.

Our Solution:

Ledgercover introduces the AI-enabled smart contract that can provide reliable and scalable solutions for insured clients for cybersecurity. The stakeholders for the offered solution include the customers, insurance companies, and the cybersecurity service providers. The AI-enabled smart contract can offer cyber insurance for the clients based on their accurate cyber risk index and the smart contract can monitor the policy for the duration of the insurance policy. In case of any claim or dispute, the insurance company or the auditors can review the immutable records and process the claim. The Ledgercover will use the permission-based blockchain technology offered by the AWS which is more popular among business users than public versions such as Ethereum.