PILOT 3 CYBERSECURITY INSURANCE HORIZONTAL PILOT
KARAVIAS, GREECE
BRIEF PROFILE
The cyber insurance pilot will focus on the evaluation of the SYNAPSE platform and toolset for the purposes of cyber insurance covering both the perspective of the insurer and the perspective of the insured.
The pilot will contribute to the design and development of the SYNAPSE platform and toolset as an instrument for creating cyber insurance policies (providing both first and third-party coverage) and validating and managing claims made against such policies.
SCOPE
We expect to use the SYNAPSE platform to identify and/or fine tune the risks to be covered by the policy, the level of cover required for each of them and overall, for the policy, and estimate the premium (cost) of the policy for the insured.
To do so, the insurer will utilize the SYNAPSE platform to identify the critical assets of a healthcare service organisation that is to be insured and the risks associated with them using the different types of assessment that SYNAPSE will offer (e.g., vulnerability assessments, penetration testing, CTI etc.), estimate the level of cover needed for them by evaluating the potential economic impact of the identified risks, and finally depending on the selected level of cover estimate the policy premium.
Insurers may also be able to provide more accurate pricing of insurance premiums, by analyzing claims historical data and comparing them to relevant predictions at the outset of the policies. This activity will require the development of special purpose assessment models focusing on cyber insurance, covering both the technical and economic impact of the identified risks.
SYNAPSE platform will be also used to validate a claim against the evidence recorded for a healthcare organisation within it. The evidence to be recorded for a policy will be determined by special cyber insurance assessment models, including, for example, monitoring models to record system operations, penetration testing models to confirm or otherwise detected incidents and vulnerabilities, hybrid models etc.
The above capabilities may also be used by healthcare organisations to explore their insurance needs and prepare their claims.
Hence, SYNAPSE can facilitate insurance contract negotiation and establishment process as, both the insurer and the insured, can make use of some common organisation and system specific data.
Furthermore, SYNAPSE can help addressing the adverse selection and moral hazard in cyber insurance by enabling both the insurer and the insured to have access to the same (undisputed) evidence during an incident investigation, and through this enable more fair and transparent premium estimation, and risk pricing processes.
Finally, SYNAPSE can help insurers and insureds to agree on adopting particular security controls, that can reduce risks and make cost effective insurance policies.