Exploring the complexities of cyber insurance with Harpreet Mann

Executive Summary: Delve into the intricacies of cyber insurance with expert Harpreet Mann, as she sheds light on the challenges of risk assessment and the necessity of aligning cybersecurity practices with insurance policies.​

This article:

  • Features insights from Harpreet Mann on the evolving landscape of cyber insurance.
  • ​Discusses challenges in risk assessment and policy coverage.​
  • Highlights the importance of aligning cybersecurity measures with insurance requirements.

Introduction

In the fourth episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, delves into the intricacies of cyber insurance with Harpreet Mann, President of Amynta Trade Credit and Political Risk Solutions. Drawing on her extensive experience in insurance and risk management, Harpreet sheds light on the challenges and transformative potential of cyber insurance in today’s rapidly evolving threat landscape.

Navigating the challenges of cyber insurance

Cyber insurance has become a critical method for managing risk in this era of increasing cyberattacks. However, as Harpreet explains, the industry is grappling with a unique combination of high-frequency and high-severity events, including spectacular ransomware attacks, that challenge traditional insurance models. Unlike other insurance lines, which tend to balance low-frequency, high-severity risks or high-frequency, low-severity risks, cyber insurance struggles to maintain profitability under the strain of both. 

Additionally, Harpreet addresses the concept of “silent cyber”—policies that fail to explicitly include or exclude cyber risks. This ambiguity has pushed regulators and insurers alike to clarify coverage terms, a move championed by organizations like Lloyd’s of London. Clear policy language is critical for managing expectations and ensuring alignment between insurers and policyholders.

Incentivizing better cybersecurity practices

One of the transformative opportunities in cyber insurance lies in its ability to drive improved cybersecurity practices. Harpreet explains how insurers reward businesses with robust cybersecurity measures by offering more favorable premiums. This creates a symbiotic relationship where insurers incentivize stronger defenses, ultimately reducing risk exposure for all parties.

However, she notes the challenges faced by smaller and medium-sized enterprises (SMEs), which often struggle to meet the stringent requirements for cyber insurance. Harpreet underscores the potential role of public-private partnerships, including reinsurance backstops, to make cyber insurance more accessible while fostering a culture of shared responsibility. After all, just over a year ago the head of Zurich, Mario Greco, told the Financial Times that cyber was shaping up to be “uninsurable.”

Geopolitical risks and cybersecurity

Our conversation also explores the intersection of geopolitical instability and cybersecurity. Harpreet cites the NotPetya attack on Merck as a stark example of how state-sponsored cyber warfare can destabilize businesses and nations alike. The growing use of cyberattacks as geopolitical tools underscores the need for comprehensive risk management strategies that address both the private and public sectors.

“What’s interesting here is establishing. ‘Okay, what does war mean?’ and if war is between two states, can they draw the line that cyber attack was truly a war act by a state actor.”

Harpeet Mann

President of Amynta Trade Credit and Political Risk Solutions

A path forward for cyber insurance

Looking ahead, Harpreet emphasizes the importance of adaptability in the cyber insurance industry. She envisions a future where insurers, regulators, and businesses collaborate to create more sustainable and precise policies. By addressing challenges such as ransomware coverage and clarifying war exclusions in policies, the industry can better serve its clients while maintaining stability.

“I do think cyber will get there. The question for the industry is, is it a good practice to cover ransomware?”

Harpreet Mann

President of Amynta Trade Credit and Political Risk Solutions

Listen to the full episode

Gain deeper insights from Harpreet Mann on how cyber insurance can evolve to meet today’s challenges by listening to the full episode of Resilience Rising. The discussion offers valuable perspectives for cyber and insurance industry professionals, policymakers, and anyone interested in the future of cybersecurity and risk management.

For more updates and insights, follow:

Stay tuned for more episodes of Resilience Rising as we explore critical topics shaping the cybersecurity landscape.

PUBLISHED BY

Sean Costigan

14 Jan. 2025

SHARE ARTICLE:

Recent Posts

VIEW ALL
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more
BEC

DMARC: The best ROI for your organization

Jack Lilley

Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…

Read more