Cyber insurance premiums are increasing and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and Crowdstrike in a "rapid referral" partnership for under-attack companies.
The move was announced today as Cloudflare claimed that insurance premiums "have increased upwards of 50 per cent," with price hikes mainly hitting "the small and medium enterprises that find themselves as the common target for these cyber attacks."
Cloudflare is teaming up with insurance and infosec companies alike to produce what it terms as a "cyber risk partnership program," combining incident response, insurance and mitigation, dangling the carrot of "discounts on premiums" to tempt SMEs into signing up.
The integrated partnership includes three US-based insurance brokers: At-Bay, Coalition, and Cowbell Cyber. It seems to be aimed at organisations that see security attack insurance as an expensive luxury for the big boys.
As an example, Cowbell Cyber chief exec Jack Kudale said in a canned statement: "Through partners like Cloudflare, we want to encourage these businesses to adopt the best security standards and proactively address vulnerabilities, so they can benefit from savings on their cyber insurance policy premiums."
In this Kudale echoed the British government, whose National Cyber Security Centre has been quietly but insistently banging the cyber insurance drum over the last couple of years, though its beat changed fairly recently to recommend actual security spending instead of insurance alone.
- Blogfight! Blogfight! Blogfight! Fastly flames Cloudflare's serverless stats
- Cloudflare network outage disrupts Discord, Shopify
- FireEye sold to McAfee's new owners for $1.2bn as Mandiant split into standalone firm again
- Cyber insurance model is broken, consider banning ransomware payments, says think tank
With ransomware attacks hitting pretty much every business and governmental sector you can think of, cyber insurance has become a vital tool to prevent businesses faced with extortion demands (and rebuilding networks from scratch) from collapsing under the financial strain.
Some hoped cyber insurance would result in a driving-up of security standards, though it seems insurers are mostly raising prices and looking for ways to stop paying out so much to attack victims.
Cloudflare and its partners seem to be hoping that this general trend in cyber insurance is an opportunity for them – and blending DDoS mitigation with incident response and insurance certainly won't hurt.
Cyber insurance is a hot topic at the moment. The upper levels of the infosec chatterati have voiced concern after the Lloyd's Market Association published draft cyber attack insurance clauses that suggested state-backed attacks wouldn't qualify for coverage. The Register asked Lloyd's why this was so and its underwriting director explained. ®