In response to the growing threat of malware and ransomware attacks and other cybersecurity threats facing businesses today, Apple, Cisco, Allianz and Aon announced a new holistic cyber risk management solution on February 5, 2018. The new product is designed to provide a comprehensive framework for companies to reduce cyber risk by leveraging the expertise of each of the partners. As cyber incidents often impose significant costs on companies that can be difficult to bear directly, cyber insurance can help provide some protection. In a video promoting the new product, Anthony Belfiore, Chief Security Officer at Aon, described getting cyber insurance as “hav[ing] a parachute” so that a company does not “have to worry about these exposures the way [they] had to worry about them yesterday.” While the partners have not made specific pricing information available for the new cyber insurance offering, under most cyber insurance policies, like other insurance plans, the insured pays an annual or monthly fee to obtain coverage for losses resulting from certain specified incidents, often subject to a deductible.
Companies interested in purchasing the new insurance product must first undergo a cyber resilience evaluation from Aon to determine their “cybersecurity posture.” Aon will also recommend ways for the company to improve their cybersecurity defenses. Companies that employ Cisco’s Ransomware Defense product and/or Apple devices such as iPhones, iPads and Mac computers, may then be eligible for an “enhanced cyber insurance offering” underwritten by Allianz Global Corporate & Specialty that provides what Apple describes as “market-leading policy coverage terms and conditions,” including lower deductibles, or in certain cases, no deductibles. Companies that purchase this insurance package will also have access to Cisco’s and Aon’s incident response teams in the event that they do suffer a cybersecurity incident.
According to Cisco, 68% of U.S. businesses have not yet purchased any form of cyber insurance. While adoption rates of this new insurance offering remain to be seen, creating a symbiotic relationship that promotes good cybersecurity behavior by providing incentives is beneficial for both insurer and insured, not to mention the security technology providers. And since it is the consumer whose data is ultimately at risk, anything that encourages companies to invest more in cyber defense and take better precautions to prevent cyber incidents can only be seen as a positive step.