After the SolarWinds cyber attack on Govt infrastructure, the government of United States seems to have taken Cybersecurity as a top priority to rectify any flaws that could make way to any future cyber attacks in the future.
As cyber insurance plays a critical role in managing cyber risks, New York Department of Financial Services has planned a new set of guidelines for companies that are seeking insurance policies to minimize cyber losses on a financial note. And those are as follows-
· Maintain a senior management and board approved cyber insurance risk strategy
· Cut down all silent risks under the policy that are not mentioned specifically in the policy
· Evaluation of systemic risks that are associated to third parties
· Having a comprehensive plan for assessing the cyber risks and covering all security gaps like access controls, vulnerability management, boundary defenses, endpoint monitoring, incident response and past claims
· All insurance companies offering cyber cover should well educate their customers on their policy coverage’s and those that are exempted before an insured takes the policy. Meaning a transparency must be maintained on what incidents are covered and not.
· Require informing details of cyber incidents to the law enforcement
· Have in-house expertise who is having the potential to understand and evaluate cyber risks
Note- The guidelines were planned after the challenges faced by insurance carriers were well identified because of unknown risks and rising costs while underwriting cyber policies. The companies offering such insurance coverage will need to determine all risks associated to the companies before providing them a policy to cover.