How MOVEit Is Likely to Shift Cyber Insurance Calculus

How MOVEit Is Likely to Shift Cyber Insurance Calculus

October 13, 2023 at 04:59PM

Progress Software plans to collect on its $15 million cyber insurance policy in light of the recent class action lawsuits and fines it faces due to security breaches caused by its MOVEit file transfer software. This large payout is likely to impact how insurers approach their businesses as premiums increase and coverage becomes more restricted. Insurers are now communicating and cooperating more closely with cybersecurity teams to better understand risk profiles. Organizational risk assessments and internal policies are crucial in addressing the evolving threat landscape.

Key takeaways from the meeting notes are as follows:

1. Progress Software plans to fully collect on its $15 million cyber insurance policy to cover losses resulting from class action lawsuits, fines, and damage to its business brand.
2. The company has already recorded approximately $4.9 million in insurance recoveries as of August 31, 2023, including $3 million related to a previous cyber incident in November 2022 and $1.9 million related to the MOVEit vulnerability.
3. Payouts like the one Progress Software is seeking are likely to drive up premiums and increase coverage requirements across the cyber insurance industry.
4. Insured organizations will face increased scrutiny and potential difficulties in renewing policies following a claim experience.
5. Cyber insurance premiums have been on the rise, and coverage has become more restricted in the past year.
6. The growth of the cyber insurance market is driven by expanding liabilities from cyber breaches, increased responsibility of boards and senior management, and the incentive provided to maintain cybersecurity posture.
7. Cyber insurers are closely evaluating the risk profiles of their clients, leading to greater collaboration and communication between insurers, cybersecurity teams, and the insured.
8. Organizations should conduct their own risk assessments and ensure that their internal policies address the entire attack surface to effectively manage cyber risks.

Full Article