The SolarWinds breach brought a reckoning in the world of cybersecurity, with calls for systemic changes in an industry that has already had to shift dramatically. What makes this cyberattack different from any of the previous ones, and what does it spell for the future of cyber insurance? Read on to find out.
What Happened?
Last December the information technology firm SolarWinds warned that there had been an attack on its Orion platform, an application companies use to manage business and IT services. A bad actor added a malware code into the Orion software, resulting in its thousands of users being exposed via an update email. This gave hackers access to the systems of private companies and U.S. federal agencies alike.
What really makes this case stand out is the way it demonstrates how a single hack can cause innumerable systemic issues. No single entity was targeted with this cyberattack – anyone who installed the update was impacted. This means that any or all of SolarWinds’ roughly 30,000 customers could have been exposed, along with its own clients and vendors. Moreover, through third party vendors that supply IT services to companies, this malware could reach countless businesses. This is a critical example of why it is so important to thoroughly vet third party vendors.
Navigating the Hard Market
The SolarWinds incident is having a big impact on the renewal process. Some underwriters have gone as far as excluding SolarWinds related claims going forward. Many times, the impact of a cyberattack isn’t discovered for months or even years, so these exclusions are being written to preempt a wave of claims in the future. Given the potential reduction in coverage, it is important to analyze whether your or your vendors have any potential exposure to SolarWinds and tender prompt notice of a claim or potential incident.
What Happens Now?
One of the best things an organization can do right now is work with a specialty broker that is able to protect their interests and negotiate the best possible coverage at the most competitive price. A specialty broker can also guide their clients through a risk assessment, remediation plan, and present the risk in the best possible light to the insurance marketplace.
Carriers also want to see that clients are taking advantage of the services at their disposal. Insureds often have access to risk mitigation experts, or vendors that improve security systems at a discounted rate through policies. At the beginning of the cyber boom these services were simply a bonus selling point. Now, insureds are expected to be able to prove they are taking every possible precaution.
SolarWinds opened a rabbit hole of potential systematic damages. Clients should still expect a more stringent renewal process overall, and be ready to demonstrate thorough prevention and mitigation plans.
Want to learn more?
Find me on LinkedIn, here.
Connect with the Risk Strategies Cyber Risk team at cyber@risk-strategies.com.
Email me directly at kallen@risk-strategies.com.