January 12, 2024 at 12:11AM
In 2024, cyber insurance requirements are set to evolve, reflecting the changing threat landscape and increasing data breach costs. Predictions include a shift towards modern attack surface management, prioritization of vulnerabilities, limited coverage for manufacturing breaches, and mandatory incident response plans. Providers emphasize adaptability in the face of evolving regulations and cyber responsibilities.
Based on the meeting notes, the following are the key takeaways for 2024 cyber insurance requirements:
1. The SEC’s Rule 106, announced in 2023, will have a major impact on cyber insurance requirements. It will impose new obligations for publicly traded companies to disclose incidents promptly and report annually on cybersecurity risk management, strategy, and governance.
2. Insurers will expect modern attack surface management (ASM) to satisfy the SEC Rule 106. This involves integrated and platform-based ASM that provides real-time visibility across all devices, accounts, and applications, both on-premises and in the cloud.
3. Underwriters will focus on vulnerability prioritization and may seek to carry out random remote ‘spot assessments’ to ensure organizations are effectively prioritizing vulnerabilities.
4. Insurers may not cover damages incurred by manufacturing organizations in the event of a breach, as attacks on the manufacturing industry may be considered acts of war instead of cybercrimes.
5. Insurers are likely to make documented, tested incident response (IR) plans a mandatory cybersecurity insurance requirement, as many organizations have previously relied on cyber insurance as an alternative to having a detailed IR plan.
6. Cyber insurance requirements will continue to evolve based on regulatory changes, emphasizing corporate cyber responsibility.
These takeaways are based on the predictions of Cyber Risk Specialist Vince Kearns for 2024 and the evolving threat landscape and regulatory environment.