BlackBerry Teams Up with Insurance Provider Allied World

Subscribe To Download This Insight

By Michela Menting | 2Q 2017 | IN-4560

BlackBerry announced a partnership with Allied World, a global insurance company, on a new initiative aimed at expanding distribution channels. The security vendor will provide a self-assessment toolkit, dubbed SHIELD, for cyber insurance policy holders of Allied World. The tool will enable them to effectively qualify their security posture. As part of the initiative, BlackBerry will also provide its expertise to the policy holders, helping them address areas of weakness and providing guidance to better manage their risks. The tool and accompanying services will be available mid-May 2017 as part of Allied World’s FrameWRX, a cyber risk management solution offered to its U.S. clients under its suite of cyber insurance policies.

Registered users can unlock up to five pieces of premium content each month.

Log in or register to unlock this Insight.

 

Expanding BlackBerry Cybersecurity Services

NEWS


BlackBerry announced a partnership with Allied World, a global insurance company, on a new initiative aimed at expanding distribution channels. The security vendor will provide a self-assessment toolkit, dubbed SHIELD, for cyber insurance policy holders of Allied World. The tool will enable them to effectively qualify their security posture. As part of the initiative, BlackBerry will also provide its expertise to the policy holders, helping them address areas of weakness and providing guidance to better manage their risks. The tool and accompanying services will be available mid-May 2017 as part of Allied World’s FrameWRX, a cyber risk management solution offered to its U.S. clients under its suite of cyber insurance policies. 

Self-Assessment Tools to Help Insurers

IMPACT


Insurance against cyber risks is no easy feat. Insurers will initially assess an organization’s level of risk management and cybersecurity before determining an appropriate policy and corresponding premium. While insurers will typically have a checklist and questionnaire of sorts, it is difficult to assess every potential risk. Zero-days and other unknown vulnerabilities emerge over time, sometimes years after a product has been in use; thus, while a particular system might have been secure at the time of assessment, its continued security is not guaranteed. As a result, the industry is very much trust-based, and many types of risks are excluded from policies. The partnership between BlackBerry and Allied World is significant because the use of standards and assessment tools can significantly help to both understand cyber risks and help determine what level of risk an organization is willing to accept. Based on this understanding, more effective decisions can be made to minimize such risks and strengthen a cybersecurity posture, enabling an insurer to better tailor a policy and potentially cover previously uncovered risks. 

Slowly but Surely

COMMENTARY


Currently, there are quite a number of excluded risks from cyber insurance policies, including claims brought by government or regulators, vicarious liability, unencrypted data, failure to install software updates or security patches, first-party notification expenses for disclosure of PPI or health information, data as an asset (e.g., IP, trade secrets), operational mistakes (true negligence), reputational damage, industrial espionage, and catastrophic events such as critical infrastructure failure, state-sponsored cyberattacks, and cyberterrorist acts, for which most carriers believe the government should be responsible.

This does not mean that these exclusions may not become insurable over time as more actuarial data is gathered, and the increased adoption of cyber insurance policies allows the build-up of sufficient reserves to cover these activities. On a global average, ABI Research estimated in 2015 that just under 6% of small- and medium-sized enterprises (SME) subscribed to cyber insurance policies, while for large enterprises, this was closer to the 20% mark. While cyber insurance uptake is still relatively slow and fraught with obstacles, there is perceptible growth in interest and gradual drive toward more widespread adoption, especially as security vendors become involved.

As of today, the cyber insurance market is still immature. The largest barrier to its growth is the lack of actuarial data about cyberattacks and breaches. Actuarial data provides the statistics, enabling insurers to estimate the probability and the potential cost of an event. Partnering with a cybersecurity vendor such as BlackBerry provides insurers like Allied World a better understanding of the threat landscape and the most effective methods to minimize risk.

The volatile and dynamic nature of ICTs and cyberspace in general means that insurers have a steep learning curve and will continue to be presented with new and unknown threats that will be difficult to fit into past insurance models. The difficulty will be in determining the risks of more intangible assets than data and embracing concepts such as resiliency and availability. Beyond that, in the longer term, insurers will have more than IT systems to consider, including newly connected endpoints emerging from the unrelenting growth of the Internet of Things.

Services

Companies Mentioned