Exploring the complexities of cyber insurance with Harpreet Mann

Executive Summary: Delve into the intricacies of cyber insurance with expert Harpreet Mann, as she sheds light on the challenges of risk assessment and the necessity of aligning cybersecurity practices with insurance policies.​

This article:

  • Features insights from Harpreet Mann on the evolving landscape of cyber insurance.
  • ​Discusses challenges in risk assessment and policy coverage.​
  • Highlights the importance of aligning cybersecurity measures with insurance requirements.

Introduction

In the fourth episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, delves into the intricacies of cyber insurance with Harpreet Mann, President of Amynta Trade Credit and Political Risk Solutions. Drawing on her extensive experience in insurance and risk management, Harpreet sheds light on the challenges and transformative potential of cyber insurance in today’s rapidly evolving threat landscape.

Navigating the challenges of cyber insurance

Cyber insurance has become a critical method for managing risk in this era of increasing cyberattacks. However, as Harpreet explains, the industry is grappling with a unique combination of high-frequency and high-severity events, including spectacular ransomware attacks, that challenge traditional insurance models. Unlike other insurance lines, which tend to balance low-frequency, high-severity risks or high-frequency, low-severity risks, cyber insurance struggles to maintain profitability under the strain of both. 

Additionally, Harpreet addresses the concept of “silent cyber”—policies that fail to explicitly include or exclude cyber risks. This ambiguity has pushed regulators and insurers alike to clarify coverage terms, a move championed by organizations like Lloyd’s of London. Clear policy language is critical for managing expectations and ensuring alignment between insurers and policyholders.

Incentivizing better cybersecurity practices

One of the transformative opportunities in cyber insurance lies in its ability to drive improved cybersecurity practices. Harpreet explains how insurers reward businesses with robust cybersecurity measures by offering more favorable premiums. This creates a symbiotic relationship where insurers incentivize stronger defenses, ultimately reducing risk exposure for all parties.

However, she notes the challenges faced by smaller and medium-sized enterprises (SMEs), which often struggle to meet the stringent requirements for cyber insurance. Harpreet underscores the potential role of public-private partnerships, including reinsurance backstops, to make cyber insurance more accessible while fostering a culture of shared responsibility. After all, just over a year ago the head of Zurich, Mario Greco, told the Financial Times that cyber was shaping up to be “uninsurable.”

Geopolitical risks and cybersecurity

Our conversation also explores the intersection of geopolitical instability and cybersecurity. Harpreet cites the NotPetya attack on Merck as a stark example of how state-sponsored cyber warfare can destabilize businesses and nations alike. The growing use of cyberattacks as geopolitical tools underscores the need for comprehensive risk management strategies that address both the private and public sectors.

“What’s interesting here is establishing. ‘Okay, what does war mean?’ and if war is between two states, can they draw the line that cyber attack was truly a war act by a state actor.”

Harpeet Mann

President of Amynta Trade Credit and Political Risk Solutions

A path forward for cyber insurance

Looking ahead, Harpreet emphasizes the importance of adaptability in the cyber insurance industry. She envisions a future where insurers, regulators, and businesses collaborate to create more sustainable and precise policies. By addressing challenges such as ransomware coverage and clarifying war exclusions in policies, the industry can better serve its clients while maintaining stability.

“I do think cyber will get there. The question for the industry is, is it a good practice to cover ransomware?”

Harpreet Mann

President of Amynta Trade Credit and Political Risk Solutions

Listen to the full episode

Gain deeper insights from Harpreet Mann on how cyber insurance can evolve to meet today’s challenges by listening to the full episode of Resilience Rising. The discussion offers valuable perspectives for cyber and insurance industry professionals, policymakers, and anyone interested in the future of cybersecurity and risk management.

For more updates and insights, follow:

Stay tuned for more episodes of Resilience Rising as we explore critical topics shaping the cybersecurity landscape.

PUBLISHED BY

Sean Costigan

14 Jan. 2025

SHARE ARTICLE:

Recent Posts

VIEW ALL
DMARC

400,000 DMARC boost after Microsoft’s high-volume sender update

Jack Lilley

Microsoft’s decision to join Google and Yahoo in enforcing stricter rules for high-volume senders has triggered an immediate response across the internet. In the last 30 days alone, 406,042 new domains have deployed Domain‑based Message Authentication, Reporting & Conformance (DMARC), pushing the global total to 13.09 million. While not all domains will be exclusive Outlook users,…

Read more
DMARC

Red Sift partners with Gradian to strengthen email security through OnDMARC

Jack Lilley

Today Red Sift launches a new partnership with Gradian, a leading data protection provider, to offer its award-winning applications, including Red Sift OnDMARC, to new and existing customers. Established through Red Sift’s relationship with UK distributor E92plus, the two companies look to strengthen defences against phishing and Business Email Compromise (BEC) attacks. Allowing organisations…

Read more
Cybersecurity

DMARCbis: What are the changes and how to be ready

Jack Lilley

Executive Summary: DMARCbis, also known as DMARC 2.0, is the forthcoming update to the DMARC email authentication protocol, designed to address limitations and ambiguities in the original standard, with an expectation to be finalized and published in 2025. The update introduces clearer guidelines, a new method for determining organizational domains, and streamlined record management.…

Read more
Certificates

TLS certificates are changing: What you need to know

Jack Lilley

Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…

Read more