How MOVEit is likely to shift cyber-insurance calculus
In its recent Securities and Exchange Commission (SEC) filing, Progress Software, the company behind the MOVEit file transfer software that’s been used to breach dozens of major organizations, says it plans to try to fully collect on its $15 million cyber insurance policy. But how is that fat $15 million payout likely to affect how insurers approach their own businesses?
Faced with class action lawsuits, fines, and a battered business brand, there’s little question the company will need millions to cover its losses. And to boot, Progress Software was already collecting on a claim related to a previous incident in November 2022, unrelated to the MOVEit ransomware campaign, according to its most recent 10-Q filing with the SEC.
“As of August 31, 2023, we have recorded approximately $4.9 million in insurance recoveries, of which $3 million was related to the November 2022 cyber incident and $1.9 million was related to the MOVEit vulnerability, providing us with $10.1 million of additional cybersecurity insurance coverage (which is subject to a $0.5 million retention per claim). We will pursue recoveries to the maximum extent available under our insurance policies.”
Higher Premiums, Less Coverage
Cyber insurers don’t have the historical data or developed risk models that others do, like car or home insurers, which means they are constantly adjusting their “risk appetite,” according to Mark Millender, senior advisor for global executive engagement at Tanium. He thinks payouts like the one Progress Software is seeking will both drive up premiums and ratchet up requirements for coverage across the cyber insurance ecosystem.
“As loss ratios increase and drive down profitability, risk tolerance recedes and the need to drive up revenues is reflected in premium charges,” Millender says.
And getting policies renewed in the wake of this Progress Software claim, and others, is going to get trickier, he predicts.
“At the same time, the insured submitting the claim will be under increased scrutiny at the time of renewal,” according to Millender. “The insured’s ability to renew with the same or another carrier will depend on many factors, including this claim experience, but also general cybersecurity defense posture and how the incident was addressed.”
To read the complete article, visit Dark Reading.