In-house cyber responses ‘creating competency gaps’

An adaptive, modular response model offers the best way to recover from cyberattacks, Crawford & Company says.

More corporations are bringing cyber incident responses in-house rather than relying on their insurers, according to a new report from the claims management group.

But this approach opens gaps in competency that become apparent only when an incident occurs, it warns.

It is “causing a shift in how companies view the value and function of cyber insurance, while also potentially distancing the insurer from the management of cyber incidents”. 

Incident response plans can be “untested and static” as threats evolve, and third-party vendors “pose another potential shortfall” in skill levels.

Crawford recommends a modular approach that allows insureds to plug in selected services as required. This overcomes the limitations of a one-size-fits-all approach, fills competency gaps and allows insureds to dial services up or down. 

It says using an experienced loss adjuster to co-ordinate or support incident management leads to a response that falls within insurance policy guidelines. The adjuster can also be a conduit between the insured and the insurer or reinsurer, so they are integrated into the response, Crawford says.

“With AI accelerating the speed at which the cyber threat landscape is evolving, plugging any gaps in cyber competency is a critical and ongoing part of any corporation’s cyber resilience,” international cyber technical director William Gow said.

“Through deploying an adaptive service model, insurers can help their clients ... adopt an approach that is more collaborative, relevant and flexible.”