Guest: Josephine Wolff, The Fletcher School of Law and Diplomacy
For anyone interested in understanding cybersecurity insurance, Josephine Wolff is the premier global expert on the issue. And cyberinsurance is a tricky market. “We’re all relying on the same infrastructure or the same fairly small set of infrastructure for our computer systems,” Josephine says in this episode of Think Bad, Do Good. Other types of insurers can diversify their risk portfolio and assume that all policy holders are not going to be hit by the same fire, the same flood, or the same car accident all at once. But due to the scope of cybersecurity risk, cyberinsurers lack that luxury.
How does it play out? “The ideal would be your insurer comes in, they assess your security posture, and then they price your premium based on how good your security is. And I think what a lot of companies feel now is like, they come in, they do this endless questionnaire, and then they’re just going to price your premium based on how big your company is anyway.” The impact is significant. “It plays into this larger dynamic of sort of caution on the part of the insurers, saying, ‘We don’t really feel we know how to defend against these types of incidents, so we would rather not be on the hook to be covering more and more and larger and larger of them.’” That issues rests at the core of the current public debate.
Author of Cyberinsurance Policy and professor at The Fletcher School, Josephine Wolff examines the development of cyberinsurance, compares it to other sectors, and details how the complexity of cybersecurity insurance can lead to legal disputes between insurers and policyholders. “Who ends up paying? What are all the various complicated legal and liability issues here? And what can we say about who gets held responsible and who doesn’t?” Tune in to learn more about the path ahead.
Key links to Josephine’s work: Link to her new book, available from MIT Press: Cyinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks: https://mitpress.mit.edu/9780262544184/cyberinsurance-policy/Her recent article in the Financial Times: “Insurers must rethink handling of cyberattacks on states.”: https://www.ft.com/content/aa147054-ec14-4a75-a183-bee345319948Her recent article in Slate (no paywall), “A Brief History of Cyberinsurance.”: https://slate.com/technology/2022/08/cyberinsurance-history-regulation.html
Click here to read the transcript: https://www.attackiq.com/podcasts/the-state-of-the-cyberinsurance-market-today/#transcript
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More