Whitepaper

Maximizing Cyber Insurance

ThreatBlockr is a technology partner for AIG’s CyberMatics®

The cyber insurance market continues to experience robust growth as more organizations look to mitigate the financial impacts of cyberattacks. According to Adroit Market Research, the global cyber insurance market was $4 billion in 2018 and is expected to grow to $17 billion in 2023.

While there is a growing awareness around the core coverage components and terms of cyber policies, there is significantly less awareness around many other valuable benefits customers have access to with their policies. These benefits can include complimentary access to and/or discounted pricing on valuable cybersecurity technologies, tools, and services.

This lack of awareness means that cyber insurance customers are not maximizing the value of their cyber insurance investments.

The goal of this whitepaper is to provide an overview of the drivers of the cyber insurance benefit awareness challenge, and we look at AIG and its CyberEdge® program as an example to illustrate the benefits that cyber insurance companies are providing. AIG is the world’s largest insurance provider and the largest provider of cyber insurance.

If you are an AIG CyberEdge customer, we believe this information will help you to maximize the benefits associated with your policy. If you have cyber insurance from another provider, we believe this whitepaper will provide valuable context for assessing the benefits being provided by your carrier.

What Drives the Lack of Awareness of Cyber Insurance Benefits?

The lack of awareness of benefits associated with cyber policies is not surprising given the complex value chain of insurance sales.

Get the most out of your cyber insurance.

ASK YOUR BROKER:

  • Does my cyber insurance policy come with complimentary cybersecurity tools or services?
  • Am I taking full advantage of all the benefits that our cyber insurance policy provides?
  • Has anything changed that I should be aware of?
  • Set a reminder every six months to check in with your broker.

Third-Party Brokers

Insurance providers often sell insurance through third-party brokers, which in turn sell policies to end customers. One potential driver of the lack of awareness is that insurance brokers may not be aware of all of the policy benefits that come with cyber policies. It’s also important to keep in mind that many brokers are selling policies from multiple competing insurance providers. Even if brokers are aware of the benefits, another key issue is that they may not be comfortable in positioning them due to cybersecurity being a more technical area.

Siloed Internal Departments

Another potential driver of the awareness challenge is a disconnect in organizations between the insurance decision maker and the information security department. While the information security group is involved in cyber insurance purchase decisions, the primary decision maker is often in another department such as finance, legal, or risk management. This means that many information security departments are in the dark with respect to the cyber technologies and services they could be taking advantage of through their cyber insurance policies.

How to dissolve silos that can hurt cybersecurity.

  • Proactively opening a clear channel of communication between the insurance decision maker and the IT or security department is key to dissolving silos around cyber insurance benefits.

EXAMPLE:

A Closer Look at AIG’s Complimentary Tools and Services

As part of its CyberEdge policy, AIG provides a complimentary set of cyber technologies and services, which in many cases are powered by name brand cyber technology and service providers. To qualify for these, a customer must spend more than $5,000 in premium.

Before doing a deep dive on what technologies and services you have access to, check to see if there is minimum premium threshold to qualify for these.

Let’s take a closer look at the complimentary cyber technologies and services that are available to a qualifying AIG CyberEdge customer.

Threat Intelligence

AIG provides a Blacklist IP blocking and Domain Protection solution as part of its complimentary offerings. This is actually a Threat Intelligence Gateway (TIG) solution powered by ThreatBlockr. The ThreatBlockr platform provides access to large volumes of threat intelligence from multiple sources including commercial, open source, government, and industry. The ThreatBlockr platform can also aggregate threat intelligence from other sources via industry standards like STIX/TAXII. The ThreatBlockr platform is deployed as a compliment to network firewalls and uses massive volumes of threat intelligence to block malicious IPs and domains for both inbound and outbound traffic. AIG CyberEdge customers get a complimentary ThreatBlockr appliance (BT-500 or BT-1G) and discounted pricing on additional gateway purchases.

Endpoint Detection and Response (EDR)

Complementing the network security provided by the Threat Intelligence Gateway, AIG provides access to an EDR capability and an incident response retainer. There is no restriction on the number of endpoints. The solution and the retainer are free for one year and beyond this the customer would have to pay for the solution.

Security Ratings

The equivalent of credit ratings in the physical world, cybersecurity ratings are increasingly being used by organizations to assess their own risk, as well as the risk of third-parties they interact with. AIG CyberEdge customers receive unlimited access to their own scorecard, which assesses their risk profile across ten key risk categories.

Security Awareness & Training Solution

It’s well known that phishing is a problem and that employees are a primary threat vector. The result is a growing need for comprehensive security awareness training, which has driven strong adoption of security awareness and training solutions. This has resulted in a significant increase in the use of security awareness training solutions by companies of all sizes. AIG provides access to a free security awareness training solution. This is full-fledged security awareness and training solution and there are no limits in terms of use or number of users.

Vulnerability Scan

AIG provides a vulnerability assessment capability in which you can scan up to 250 IP addresses with a follow up scan 90 days later to verify remediation efforts.

Cyber Services

The above are cybersecurity technology solutions. However, AIG also provides its cyber insureds a range of complimentary consulting services as well. These include:

  • AIG Cyber Risk – An hour with an AIG Cyber Risk Consultant to get advice on how to improve your risk posture.
  • Legal Risk – Two hours with a legal risk expert on incident response planning, regulatory compliance, security awareness, or privacy training.
  • Forensic Risk – One hour with a forensic expert to receive advice on what an organization needs.
  • Public Relations Risk – One hour with an expert to prepare and plan to handle potential breach scenarios.

Preferred Services

The final element of AIG’s CyberEdge benefits are services that AIG insureds can access at a preferred rate. These include services provided directly by AIG including an Incident Response Simulation Workshop and Cyber Best Practices Focus Workshop. These also include services provided by third- parties, including BitSight Security Ratings, Darknet Intelligence powered by BlueVoyant, virtual CISO services provide by Optiv, and a Quantification Workshop and Insurance Portfolio Stress Test, power by Axio.

ACTION ITEMS:

  • Revisit your cyber insurance policy and connect with your broker to make sure you understand what benefits are available to you.
  • If you are in the finance, legal, or risk management departments, make sure your information security counterparts know what they have access to.
  • If you are in information security, reach out to your counterparts in finance, legal, and/or risk management to better understand what technologies and services are available to you.

Conclusion

Cyber insurance providers offer a range of highly valuable benefits as part of their cyber insurance policies. However, the lack of awareness of these benefits among cyber insurance customers, means they are not maximizing the value of their investment in cyber insurance. This case study on AIG CyberEdge benefits provides insights into the array of cyber technologies, tools, and services that could be available.

Enroll now at www.threatblockr.com/aig-cyberedge