Temps de lecture : 2 minutes

Providing the Right Information to Brokers and Underwriters, Including a Statement of Ransomware Resilience and Other Documentation, Mai Help Secure Better Terms

SAN JOSE, Calif.—Juillet 20, 2021—The latest highly publicized ransomware attack, a cyber-extortion incident against Kaseya, has fueled interest in cyber insurance. In an attempt to reduce their cyber insurance costs, organizations are seeking to demonstrate they have systems in place that provide data resilience.

As a result, Panzura has recently experienced intensified demand from firms looking to better understand their options, according to Glen Shok, vice president of strategic alliances. The company provides secure global file-system solutions for managing, accessing and storing unstructured data in large organizations.

Avant de s'asseoir avec les assureurs pour examiner leurs pratiques de sécurité et leurs options de couverture, M. Shok conseille à ces organisations de préparer une évaluation complète des risques. "Les assureurs veulent que des contrôles de prévention et de récupération soient mis en place, y compris une analyse de la valeur et de la nature des données assurées. Cela peut réduire le risque pour l'entreprise comme pour l'assureur, et se traduire par une baisse des primes", a déclaré M. Shok.

He suggests they talk to their technology partners and software vendors to obtain a Statement of Ransomware Resilience (SoRR) which may be considered by insurers when negotiating direct written premium and standalone policies. Panzura offers these statements to customers and works with them when they request additional documentation for insurance purposes.

Cyber insurance prices are driven by the need for risk management and the growing incidence of network intrusions, data theft and ransomware exploits. Fitch Ratings reports that direct cyber insurance premiums increased by over 22 percent in 2020 to approximately $2.7 billion with momentum continuing into this year.

Selon M. Shok, les assureurs ont réagi à la crise des ransomwares de diverses manières, notamment en limitant les paiements de sinistres et en liant les paiements aux actions des assurés.

"Les polices d'assurance peuvent contenir des exigences visant à protéger de manière proactive les réseaux et les données contre les infections en déployant des solutions de prévention, de protection et de récupération. Nous voulons que nos clients comprennent les avantages qu'il y a à transmettre les bonnes informations aux assureurs, qui cherchent à obtenir de meilleures conditions ou à moduler les augmentations de tarifs", a fait remarquer M. Shok.

Panzura’s CloudFS is a global file system that is inherently resilient to ransomware and other malware threats through data immutability. Organizations that use CloudFS to manage, store and access their unstructured data are less likely to need to pay a ransom to regain access to data held in the Panzura file system, even if subjected to an attack. Data stored by CloudFS cannot be encrypted because the system maintains an unalterable, clean data set.

Notes aux rédacteurs :

  • Hard market pricing is being used by insurers to offset claims, along with tightened terms and conditions, and more stringent risk selection. Brokers are trying to get more and better information from their clients to underwriters, in order to secure better terms. See “Cyber insurance and the ransomware revolution” (Insider Engage, 24 Juin 2021).
  • Some insurers are making payments contingent upon policyholders’ actions. They assess whether data has been backed up sufficiently to resume operations within a reasonable period of time, without the payment of a ransom. See “How are cyber insurance companies assessing ransomware risk?” (Dark Reading, 26 Mai 2021).
  • More than 80 percent of all data at large organizations is unstructured. It is more difficult to store, analyze and access than other types of data. This includes sensitive and highly regulated healthcare and financial data, and petabyte-size enterprise files. See “Structured vs. unstructured data” (Datamation, 21 Mai 2021).