Josephine Wolff offers the critique in her well-researched book, Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks (MIT Press, 2022).
Are insurers and insurtech companies placing too much emphasis on narrowly-defined cyber coverage, security controls and hacking data and not enough on holistic underwriting?
“In trying to treat cyber as a risk analogous to cars, floods, fire, or property and thus create a stand-alone insurance policy, ‘insurers actually undercut their ability to use the wide range of different coverage formats and risk-modeling tactics at their disposal to address different facets of cyber-related risks.’ …Wolff also offers measured and practical recommendations for how to move forward in light of these problems: Different types of cyber risks should be separated into different types of insurance. Some cyber risks are so new and distinct that they may call for separate and distinct cyber policies. Other cyber risks are closely tied to existing lines of coverage and belong inside policies that deal with liability, crime, property, and car insurance.”
Source: Cyber Insurance and Cybersecurity Policy: An Interconnected History – Lawfare