Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Improving Cyber Insurance Lifecycle Outcomes for All Involved
The Who and What of Cyber Insurance
Cyber insurance, once a nice-to-have, is now a non-negotiable for the modern business. But the cybersecurity insurance industry has reached a tipping point – innovate or fail. Carriers, brokers and insureds are struggling to navigate an unpredictable cyber landscape with so many new vulnerabilities and threat actors appearing on the scene daily. Without changes, the industry may not be sustainable at the time it’s needed most.
Optiv launched our Cyber Insurability Services to help clients attain the ideal policy for their business. Creating a sustainable cybersecurity insurance process requires the right combination of expertise, planning, tools and resources. A technology-agnostic cybersecurity advisory partner, Optiv helps those seeking cyber coverage connect the dots between security and enterprise risk management.
Advisen Information Security and Cyber-Risk Management Survey, 2020
Cyber Insurability Navigator Service Brief
Optiv’s cyber experts have carefully compiled a list of essential security controls for insureds as they set out on their cyber insurance attainment or renewal process.
Identity and Access Controls
MFA, PAM, Managed Identity
Data Privacy & Governance
Discovery, Protection (DLP, CASB), Cryptography
Logging and Monitoring
SIEM, WAF, SOAR, Email
VM Programs, Patch Management, Remediation
Detection and Response
EDR, NDR, Threat Hunting, MXDR
CRS, Backup, TPRM
Incident Response Readiness
Plans, Playbooks, Tabletops
Network & OT Security
Architecture, Management, Protocols
Four key principles our insurance experts stress throughout each Cyber Insurability Services engagement:
Premium increases, limit reductions, high deductibles and coverage restrictions alone aren’t the solution. Progress requires innovation, but carriers and brokers can’t do it alone. Long-term sustainability requires the majority of insureds purchasing cyber insurance to maintain a commonly accepted cybersecurity maturity baseline. Things like multi-factor authentication, incident response retainers and dedicated threat analysts are only becoming more commonplace. Optiv’s Cyber Insurability Services can provide all of this and more as a cyber advisory and solutions leader within security.
Underwriting cyber risk is hard. Cyber insurance carriers are adapting, but the traditional point-in-time approach isn’t effective in today’s threat landscape. Why? It lacks validation methods, meaningful monitoring and loss control during policy terms. Innovation will help close the gap between cybersecurity and cyber insurance, making the underwriting process more meaningful for the carrier, more predictable for the insured and more effective in controlling losses and minimizing claims.
Cyber insurance is evolving rapidly from specialty to standard coverage. It looks more like a cybersecurity service than a traditional insurance product. Brokers are now required to become experts on technical insurance products, advise their clients on cyber risk management best practices and provide incident response support. The traditional insurance distribution model needs to incorporate independent cybersecurity support aligned with the insurance process.
A murky legal and regulatory environment requires carriers, brokers and insureds to operate without the benefit of clear standards, laws and baseline cybersecurity requirements. With advancements in underwriting and better cybersecurity alignment, cyber insurance has the potential to encourage broad adoption of cybersecurity best practices and serve as a positive force to combat cybercrime.
Organizations purchase cyber insurance policies to help manage the financial risk associated with cyber threats, including ransomware attacks.
Who are the key players in cyber insurance?
Carriers underwrite, rate and bind insurance coverage, and they’re responsible for paying claims and making coverage determinations. Brokers provide access to cyber insurance markets, review and submit applications to carriers, place insurance coverage and interact with their clients insureds throughout the cyber insurance lifecycle.
What does cyber insurance cover?
Policies differ, but many standalone policies provide coverage that falls into one of five categories (listed below). Think of cyber insurance as a backstop behind cybersecurity controls. It’s most effective when it helps address residual cyber risk or cybersecurity gaps that an organization isn’t able to control.
What isn’t covered by cyber insurance?
Cyber insurance coverage is evolving quickly. Most policies will not cover things like infrastructure failure, acts of war, improving systems and networks, the value of intellectual property, specified incidents or known incidents that occurred before the policy start date.1
1To avoid possible claim denials, organizations must carefully and honestly complete applications and address subjectivity requirements to avoid violating application warranty statements or policy conditions. Insureds – read your policy carefully and consult your broker or carrier for guidance.
What factors influence premium increases and coverage denials?
Cyber insurance carriers are working hard to align underwriting with the evolving threat landscape. They pay close attention to common themes driving claims as well as new and emerging threats. As a result, underwriting requirements change, and insureds will want to be aware of common reasons for carrier denials. Learn more about Ransomware.
Organizations purchase cyber insurance policies to help manage cyber threats, including risks associated with ransomware attacks. Below, we’ve highlighted some best practices for all parties involved in the cyber insurance process using a security-focused perspective:
Think like an underwriter by focusing on factors that influence insurability, loss control and claim prevention.
Take control of the cyber insurance process by benchmarking cyber insurance readiness against common underwriting criteria.
Manage cyber risk as an ongoing effort and build cyber insurance into your cybersecurity strategy.
Monitor changes in your environment, attack surface and emerging threats during the policy term to avoid losses and prepare for renewals.
Build and practice your cyber incident response plan and make sure it aligns with your cyber insurance policy.
Engage a cybersecurity advisory partner capable of delivering lifecycle services from readiness through incident recovery.
Embrace the role of trusted advisor by adopting tools, technologies and practices that bring the cyber insurance and cybersecurity processes closer together for insureds.
Empower insureds with resources to (1) identify insurability gaps, and (2) monitor and alert on high-profile attacks, changes in attack surface and in-term loss control resources.
Lean on your cyber advisory partner to deliver cybersecurity services and solutions without adding staff or resources. Don’t go it alone.
Collaborate with your cyber advisory partner to translate tactical cybersecurity recommendations and underwriting subjectivities from carriers into long-term cybersecurity success for insureds.
Collaborate with others in the cybersecurity industry to help communicate to insurance buyers the value and best use of cyber insurance. Cyber insurance can’t cover everything.
Continue to integrate advanced technologies into the cyber insurance process to augment and validate the point-in-time underwriting information provided in applications.
Use “hard market” realities to encourage adoption of strategic cybersecurity strategies. Encourage organizations of all sizes to establish strong cybersecurity foundations and provide access to resources that help them evolve in a changing threat landscape.
Facilitate and support insureds’ incident response and ransomware readiness to help make ransomware payments the last resort.
Align the renewal process, premiums and client retention with current client data and improvements made during the policy term.
Third-Party Cyber Liability
First-Party Cyber Event Expenses
Data and Network Restoration Expenses
Business Interruption and Extra Expense
NetDiligence Cyber Claims Study, 2021
Optiv services and support provide a vital bridge between cybersecurity and the cyber insurance process. This innovative connection enables all parties to work together to remediate risk and improve loss control.
Establish an acceptable insurability baseline and methodology for ongoing reviews.
Maintain checkpoints to identify changes to baseline, mitigate emerging threats and implement loss control strategies.
Collect and share information with your carrier and broker about improvements and successes to tell your cybersecurity story during the cyber insurance renewal process.
Align incident response and incident recovery capabilities with cyber insurance requirements.
As a result, outcomes improve:
Insureds own their cyber insurance destinies. Improve cybersecurity maturity over time and protect your businesses with incident readiness, response and recovery services.
Brokers participate more fully in the cyber insurance market. Support insureds more effectively and bring cybersecurity services to market quickly without added overhead.
Carriers turn recommendations into adoption. Build and maintain a secure, responsive cyber insurance client base. Provide access to, and implementation of, cybersecurity controls, services and incident response support.
Disclaimer: Optiv does not sell service cyber insurance policies or service policies to our clients. The information provided here is for informational purposes only. Every cyber insurance policy is different. When in doubt, read your policy carefully with help from an industry professional such as an experienced cyber insurance broker who is well versed in this new and evolving coverage.
June 27, 2023
Cyber Insurability Alliances objective is to create a more transparent insurance market for all parties.
March 01, 2023
Rampant ransomware attacks have made cyber insurance a C-suite priority. Despite the raised consciousness, it’s more difficult than ever to secure or....