Partner content
How MOVEit is likely to shift cyber-insurance calculus
In its recent Security and Exchange Commission (SEC) filing, Progress Software, the company behind the MOVEit file transfer software that’s been used to breach dozens of major organizations, says it plans to try and fully collect on its $15 million cyber insurance policy. But how is that fat $15 million payout likely to effect how insurers approach their own businesses?
Faced with class action lawsuits, fines, and a battered business brand, there’s little question the company will need millions to cover its losses. And to boot, Progress Software was already collecting on a claim related to a previous incident in November 2022, unrelated to the MOVEit ransomware campaign, according to its most recent 10-Q filing with the SEC.
“As of August 31, 2023, we have recorded approximately $4.9 million in insurance recoveries, of which $3 million was related to the November 2022 cyber incident and $1.9 million was related to the MOVEit vulnerability, providing us with $10.1 million of additional cybersecurity insurance coverage (which is subject to a $0.5 million retention per claim). We will pursue recoveries to the maximum extent available under our insurance policies.”
Higher Premiums, Less Coverage
Cyber insurers don’t have the historical data or developed risk models that others do, like car or home insurers, which means they are constantly adjusting their “risk appetite,” according to Mark Millender, senior advisor for global executive engagement at Tanium. He thinks payouts like the one Progress Software is seeking will both drive up premiums and ratchet up requirements for coverage across the cyber insurance ecosystem.
“As loss ratios increase and drive down profitability, risk tolerance recedes and the need to drive up revenues is reflected in premium charges,” Millender says.
And, getting policies renewed in the wake of this Progress Software claim, and others, is going to get trickier, he predicts.
“At the same time, the insured submitting the claim will be under increased scrutiny at the time of renewal,” according to Millender. “The insured’s ability to renew with the same or another carrier will depend on many factors, including this claim experience, but also general cybersecurity defense posture and how the incident was addressed.”
To read the complete article, visit Dark Reading.
