Cisco, Apple, Aon, Allianz Partner to Help Businesses Protect Against Common Malware Threats
Munich, Germany-based Allianz — named by Forbes as the world’s second largest insurance firm — is offering cyber insurance at competitive premiums with reduced deductibles; but only if the insured is risk-assessed by Aon and uses certain Cisco and Apple products.
Over the last few years, information security has increasingly been seen as a risk management issue. One of the traditional options for risk management is risk transfer; that is, insurance. But while the cyber insurance option has increased in visibility, its adoption remains relatively low. In 2016, US cyber insurance premiums were reported to be $1.35 billion. This is just 3.3% of the total premiums for U.S. commercial line insurers. Clearly, there is an opportunity for insurance companies to increase their own share of a potentially large market.
At the same time, product vendors are always looking for new opportunities to sell their products. The potential for linking specific product to reduced insurance premiums could help both industries to increase market share.
This has been slow to materialize because insurance works on detailed statistics between risk and premiums. It has decades of statistics for motor vehicles, and perhaps hundreds of years for shipping — but only a few years’ experience of a continuously changing and worsening infosecurity world. The natural effect of this is that premiums have to be set at the higher end of the possible scale simply because nobody really understands the full risk.
Apple and Cisco have been working to change this. In June 2017, Cisco’s David Ulevitch (VP, security business group) announced, “We’re collaborating with insurance industry heavyweights to lead the way in developing the architecture that enables cyber insurance providers to offer more robust policies to our customers.”
This collaboration surfaced yesterday in the announcement of a deal with Allianz: “a new cyber risk management solution for businesses, comprised of cyber resilience evaluation services from Aon, the most secure technology from Cisco and Apple, and options for enhanced cyber insurance coverage from Allianz,” said Apple. However, it should be noted that this is not a general cyber insurance offering, but one specifically related to “cyber risk associated with ransomware and other malware-related threats, which are the most common threats faced by organizations today.”
There are three elements that could lead to the insurance deal. The first is that the candidate company is risk assessed by Aon, who will examine the company’s existing cyber security posture and make recommendations on how to improve existing defenses.
The second is that the candidate company should use Cisco Ransomware Defense and/or qualified Apple products iPhone, iPad and Mac. The third is that insured companies will then have access to Cisco and Aon incident response teams in the event of a malware attack.
With any contract, and an insurance policy is just a contract, the devil is always in the detail. It isn’t clear from the current announcement whether the insurance will go beyond just a malware attack — into, for example, data manipulation or theft because of the malware attack. That may vary from contract to contract depending on the result of the Aon assessment.
For the moment, there is just the bald statement that if a company uses certain Cisco and Apple product, and presumably ‘passes’ a risk assessment by Aon, that company might possibly qualify for lower deductibles in a malware-related cyber insurance policy underwritten by Allianz.