In this chapter, we will discuss cybersecurity insurance, the industry, and how it is adjusting to the mega-ransoms paid out over the last few years. The most important part will cover how to pick cybersecurity insurance and what to watch out for, so you don't end up with inadequate coverage.

Cybersecurity Insurance Shakeout

Cybersecurity insurance helps to provide financial protection from cybersecurity incidents. These days cybersecurity insurance firms are even stepping up to the plate as a primary cybersecurity risk accessor, giving you additional ways to gauge your cybersecurity readiness, along with recommended/required controls and education. For many smaller organizations, their cybersecurity insurance broker may be their first exposure to a mature cybersecurity risk assessment and stronger cybersecurity controls and tools. Ironically, ransomware is often the reason many companies had to implement better and stronger computer security.

Cybersecurity insurance has been around in various forms for decades, albeit not in the distinct, focused, “we'll pay the ransom” way it is now. It first started as a “rider” on other business insurance policies, and mostly covered third-party claims, or damages that occurred to downstream (i.e., not to the insured party) people and organizations that ended up with loss or injury due to the upstream hacked, insured victim. First-party coverage, directly covering the insured party because of hacking, ...