How MOVEit Is Likely to Shift Cyber Insurance Calculus

  /     /     /  
Publicated : 23/11/2024   Category : security


How MOVEit Is Likely to Shift Cyber Insurance Calculus


Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.



In its recent Security and Exchange Commission (SEC) filing, Progress Software, the company behind the MOVEit file transfer software thats been used to breach dozens of major organizations, says it plans to try and fully collect on its $15 million cyber insurance policy. But how is that fat $15 million payout likely to effect how insurers approach their own businesses?
Faced with
class action lawsuits
,
fines
, and a
battered business brand
, theres little question the company will need millions to cover its losses. And to boot, Progress Software was already collecting on a claim related to a previous incident in November 2022, unrelated to the
MOVEit ransomware campaign
, according to its
most recent 10-Q filing with the SEC.
As of August 31, 2023, we have recorded approximately $4.9 million in insurance recoveries, of which $3 million was related to the November 2022 cyber incident and $1.9 million was related to the MOVEit vulnerability, providing us with $10.1 million of additional cybersecurity insurance coverage (which is subject to a $0.5 million retention per claim). We will pursue recoveries to the maximum extent available under our insurance policies.
Cyber insurers dont have the historical data or developed risk models that others do, like car or home insurers, which means they are constantly adjusting their risk appetite, according to Mark Millender, senior advisor for global executive engagement at Tanium. He thinks payouts like the one Progress Software is seeking will both drive up premiums and ratchet up requirements for coverage across the cyber insurance ecosystem.
As loss ratios increase and drive down profitability, risk tolerance recedes and the need to drive up revenues is reflected in premium charges, Millender says.
And, getting policies renewed in the wake of this Progress Software claim, and others, is going to get trickier, he predicts.
At the same time, the insured submitting the claim will be under increased scrutiny at the time of renewal, according to Millender. The insureds ability to renew with the same or another carrier will depend on many factors, including this claim experience, but also general cybersecurity defense posture and how the incident was addressed.
Cyber insurance policies are undoubtedly already getting more expensive and providing less coverage than before: Two-thirds of companies surveyed for
a report from Delinea on the current state of the cyber insurance industry
said they saw a 50% increase in cyber insurance premiums, with more narrow coverage over the past year. And, a full 80% of companies reported they submitted at least one claim in the past year.
Three key factors are driving the growth of the cyber insurance market, Bud Broomhead, CEO at Viakoo says. This includes the expanding liabilities from cyber breaches, boards and senior management holding more responsibility for breaches, and the forcing function that cyber insurance provides to maintain their cyber security posture.
Broomhead adds that as the cyber insurance market matures, these factors will change, but the bottom-line result is likely to be a continuing trend towards more expensive policies with less coverage. But as cyber insurers refine their risk evaluations, premiums should stabilize, he adds.
Cyber insurers are taking a closer look at the risk profiles of their clients, a trend that will be driven to new heights by the Progress situation. One of the outcomes of this increased scrutiny has been greater cooperation between cyber insurers and their policy holders, Dara Gibson, cyber insurance services leader with Optiv, explains.
Cyber insurers are now communicating with cybersecurity teams, Gibson says. Its going to become more of a collaborative effort between the insurers, cybersecurity and the insured because a greater understanding of what good looks like is taking shape.
Its up to enterprise teams to do the same kinds of assessments, Broomhead advises.
Risk assessment and cyber insurance will always be evolving in the same way that threat vectors themselves evolve, Broomhead says. The most important thing is for an organization to do its own risk assessment and ensure that their internal policies address their entire attack surface.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How MOVEit Is Likely to Shift Cyber Insurance Calculus