New York DFS’s Cyber Insurance Risk Framework Explained

TL;DR: The cyber insurance risk framework is an important set of guidelines. This article discusses how you can adopt it to protect your clients.

With the world still recovering from the COVID-19 pandemic, an even bigger portion of our lives is online. While the internet has been a blessing in terms of connectivity, it has a dark side… cybercrime.

According to Statista, 72% of all Americans worry about being a victim of cyber attacks. So, it’s become apparent that private and government institutions need cyber insurance to combat growing risks.

In response, New York State has issued a cyber insurance risk framework to all authorized P&C insurers in the hopes of helping them stem the tide of cybercrime. The framework was launched by the state’s Department of Financial Services (DFS) and is the first of its kind. In a statement, DFS says it recognizes that “cyber insurance plays a key role in managing and reducing cyber risk.”

Cyber insurance policies commonly cover such things as data theft, identity theft, fraud with forged business emails, and attacks using ransomware trojans.


Elements of The Cyber Insurance Risk Framework

Some of the things the framework was designed to promote include:

  • Sustainable growth of the cyber insurance market
  • Appropriate pricing for cyber-risk coverage
  • The closing of price gaps and maintaining a semi-structured pricing trend
  • Claims lodged under cyber insurance policies
  • Better cyber risk management

The framework was based on industry consultation, i.e., on advice from cybersecurity experts and other stakeholders.


What’s in The Cyber Insurance Risk Framework

Establish a formal cyber insurance risk strategy

All insurance companies should follow a standard protocol to measure cyber insurance risks. To accomplish this, the strategy should:

  • Have approval from senior management
  • Have clear qualitative and quantitative goals for risk and progress
  • Complete all seven parts of the cyber insurance risk framework

Manage and eliminate exposure to silent cyber insurance risk 

According to Insurance Business America, “silent cyber” refers to “potential cyber-related losses stemming from traditional property and liability policies that were not specifically designed to cover cyber risk.” The framework urges insurance companies to determine if their clients are susceptible to this risk. Many P&C insurers don’t explicitly offer cyber insurance but the framework suggests they reevaluate their stance on this coverage.

It’s important to note that partial coverage from silent risks can be found in E&O insurance and even product liability insurance.


Evaluate systemic risk

Many big organizations, both private and public, use third-party vendors for their digital needs. These third-party vendors are prone to cyber threats. For instance, as per CSO Online, a SolarWinds Orion software update was compromised by Russian hackers to access government and other systems.

A catastrophic cyber event like this can compromise an insured’s safety. So how can this be avoided? The framework suggests designing a regulatory body to work for constant improvement.

Rigorously measure insured risk 

Although cybersecurity risks are pretty common, their impact on individuals can vary. The framework suggests that insurers that offer this coverage must have a concrete plan to assess each insured’s cyber risks.

The insurers should collect data from the following sources:

  • The institution’s cybersecurity program
  • Corporate governance and controls
  • Vulnerability management
  • Access controls
  • Encryption
  • Endpoint monitoring
  • Boundary defenses
  • Incident response planning
  • Third-party security policies

The suggested protocol is to compare this data with past claims to provide better coverage.


Educate insureds and insurance providers

This is especially important for an insurance agent. They have an essential role to play when it comes to educating both the insurers and insured parties. They are responsible for ensuring that needs, benefits, and limitations are understood by both parties.

Insurers should aim to offer more comprehensive cyber insurance. They should also work on awareness campaigns that provide relevant information regarding cybersecurity. And clients should be given discounts and encouragement to buy cyber insurance.

Obtain cybersecurity expertise

Insurance companies that offer cyber insurance should recruit professionals who are experts in the field of cybersecurity. It’s a commonsense suggestion that will help companies upgrade their policies.

Require notice to law enforcement  

By and large, with most insurance claims, insureds should be required to notify law enforcement if they need to file a claim.

The Department of the Treasury has issued an advisory sanction for facilitating potential ransomware reports. The framework suggests that a filed cybercrime complaint should hasten the processing of related claims. The lodged complaints are also important for potential prosecutions.



Despite the cyber insurance risk framework being issued only by the DFS of New York, significant underwriters are already following it. The framework is logical and makes sense to major carriers.

The New York DFS has taken the first step to outsmart malicious hackers. Indeed, it’s about time that the rest of the nation follows.

We have partnered with all the major national insurance carriers. Work with us to stay ahead of trends.
