The cyber insurance market size is currently valued in the billions, and this does not include insurance policies that do not explicitly mention cyber incidents but may nevertheless cover them. With this in mind, policyholders and insurance carriers should be aware of the recently released Cyber Insurance Framework (the “Framework”) issued by the New York Department of Financial Services (NYDFS). The first of its kind, the Framework lays out formal strategies for measuring and managing cyber risks.
Recent events have highlighted the cybersecurity risks insurance carriers face. The Framework cites the COVID-19 pandemic, the SolarWinds hack, and a rise in ransomware attacks as examples of increased cyber risk for all organizations.
The Framework’s Best Practices
The Framework lists seven best practices to employ to best protect economic interests:
- Establish a formal cyber insurance risk strategy – Notably, this requirement requires approval by the senior management and the board of directors (or other governing body if there is no board of directors).
- Manage and eliminate exposure to silent cyber insurance risk – This practice may include rewriting standard…
