The Expert Podcast

• What makes cyber insurance so different and mysterious compared to other insurance types like fire, slip and fall, or professional liability insurance.
• Cyber insurance can be part of an existing policy, standalone, or even absent — and it has unique challenges every business owner should know.
• The hidden infrastructure problem in cyber insurance and why it’s a growing risk for all businesses, no matter the size.
• Digital assets such as servers, customer data, and information are invisible but critical risks that can cause catastrophic losses, possibly bigger than physical damage like a fire.
• Unlike traditional insurance products that have been around for decades, cyber insurance is relatively new — about 10 years old — and still immature.
• The cyber risk landscape evolves rapidly as hackers develop new attack methods every year, making it difficult for insurers to keep up.
• Real-world examples show how cyberattacks can disrupt life-saving hospital equipment, fire stations, and essential supply chains, proving the potential for catastrophic consequences.
• Cyber insurance began as a way to cover minor hacks but now must address crisis-level events with potentially unlimited damages and losses.
• Traditional insurance pricing relies on historical data, but cyber insurance lacks consistent, reliable claims data due to its evolving nature.
• The difficulty for insurers to price premiums accurately means some are hesitant to write policies, creating coverage gaps in the market.
• There are calls for government involvement to create a backstop or shared facility to handle catastrophic cyber risks beyond the capacity of private insurers.
• Even if you're a small business, having some cyber coverage is essential for insights on prevention and minimal financial protection for smaller incidents.
• Cyber insurance policies require adherence to best practices such as strong passwords and server protection; failure to comply may invalidate coverage.
• Best practices vary across insurers, leading to confusion and a lack of standardized cyber security protocols.
• A call for government or industry standard organizations (like ASTM) to develop minimum standards to unify cyber risk management across insurers and insured companies.
• Coordinated security standards across supply chains reduce vulnerabilities and make it harder for hackers to exploit weak links, helping protect the broader economy.