One Year Later: NY DFS Publishes Its Cyber Insurance Risk Framework

by | Jan 31, 2022 | Innovation

On February 5, exactly one year will have passed since the NY Department of Financial Services published its Cyber Insurance Risk Framework. This Framework outlines seven best practices relevant for property/casualty insurers and should be applied on an individualized basis to insurers depending on their respective amount of risk. 

In tandem with the rise of remote and hybrid workplaces, cyber criminals have evolved in their numbers and sophistication. This is evident when one looks at the sheer increase in ransomware attacks, cyber crimes, and other incidents. Though these trends in cybersecurity are acknowledged, society still has a great deal of ground to make up when it comes to awareness and prevention, not to mention recovery. Both the cybersecurity and cyber insurance industries can benefit from one another. The Framework recognizes the interdependence of cyber risk with cyber insurance for both underwriters and policyholders; so, too, does Cowbell Cyber.

Take any best practice outlined in the Framework, and then see that Cowbell Cyber is already well aligned with it. 

1. Establish a Formal Cyber Insurance Risk Strategy, and 2. Manage and Eliminate Exposure to Silent Cyber Insurance Risk

  • Cowbell’s AI-powered continuous underwriting platform maps threats and risk exposure to coverages and enables agents to deliver policies tailored to the unique needs of each customer in less than 5 minutes.
  • By design, Cowbell offers standalone cyber insurance policies. We believe this is the only way a business can clearly understand the type of cyber risk for which they are covered.

3. Evaluate Systemic Risk, and 4. Rigorously Measure Insured Risk

  • When it comes to evaluating risk, insurers must consider the organization’s third-party vendors, its suppliers and other service providers as well as their general cybersecurity posture. Cowbell Factors are the set of proprietary risk ratings that use inside-out and outside-in data to define an organization’s risk profile in comparison with Cowbell’s risk pool of 22 million US accounts.
  • We continue to refine our risk rating model to account for the complexity of cyber risk and cyber threats. Recognizing that bad actors exploit software vulnerabilities to penetrate organization networks, Cowbell added the Software Supply Chain Cowbell Factor to its set of proprietary risk ratings.

5. Educate Insureds and Insurance Producers

  • An organization’s risk rating determined by Cowbell Factors can be influenced by engagement with and subsequent completion of internal cybersecurity awareness training. By prioritizing and incentivizing cybersecurity education, Cowbell promotes taking preventative measures and quells worries about business continuity with its emphasis on closed-loop risk management

6. Obtain Cybersecurity Expertise

  • On its internal team, Cowbell has an array of subject matter experts both on the insurance side and the cybersecurity side. The Cowbell team at large is also required to complete cybersecurity awareness training, just as Cowbell’s policyholders are.

7. Require Notice to Law Enforcement

  • Cowbell prides itself on offering a closed-loop approach to risk management, meaning that we bundle resources with policies to identify, qualify, quantify, mitigate, and prevent risk: assess, insure, and improve. For customers, improvement involves understanding and internalizing best practices when it comes to cyber incidents that occur, such as crafting an effective incident response plan.

One of the reasons Cowbell Cyber is so cutting-edge is that we understand that successful cyber insurance policies depend on establishing strong cyber hygiene within an organization and outside of it (i.e., throughout the supply chain and across all third parties). This is of particular importance to Cowbell Cyber because we focus on businesses with revenue up to $250 million.

These are small- to mid- sized enterprises (SMEs) that may not inherently have the resources to prioritize cybersecurity awareness; yet SMEs are part of the backbone of many critical supply chains. Furthermore, a cyber incident at a small business can lead to damaging business interruptions for an entire sector.

Cowbell’s cyber insurance policies are available in the state of New York, following all above principles as stated by NY DFS. All businesses can obtain a cyber risk rating from Cowbell Cyber, regardless of whether they are insured with us. Insurance agents and brokers who want to get appointed to distribute Cowbell’s standalone cyber insurance can visit our website.

Related Posts

AI in 2024

AI in 2024

The explosive growth of Generative Artificial Intelligence (AI) in recent years has been viewed by...

read more

Cowbell Blog

Grow your cyber IQ with our insights into cyber insurance, cyber risk, and cyber security.

See How Cowbell Can Protect Your Business