Cyber Insurance Incident Response: Market tends towards commoditization

In the context of economic welfare, the key fact of cyber insurance that sets it apart from likely any other insurance type is the possibility through efficient and economic incident response to limit and reduce damages acting as the equivalent of a fire brigade where there is no such service yet. Taking the same empirical view of the claims side of the industry, a new paper by analyzes the current landscape of incident response coordinated by cyber insurance carriers. How does cyber insurance shape incident response? by Daniel Woods. A dissenting view focuses on how insurers funnel work to its panel of incident response firms, generally less than ten firms. So why do those IR firms get so much work? Such firms are added to panels because they agree to provide services at a low hourly rate, even fixed prices for some investigations, and have built a relationship with insurers by employing various strategies. Did insurers both increase access to incident response while simultaneously have reducing the average quality of investigation? Did insurers democratise or commoditise incident response? How can we reconcile the two perspectives? Like a typical academic, I argue both can be true providing insurers triage effectively. Thus, our study finds that cyber insurance has shaped incident response in two main ways: establishing incident hotlines that coordinate response resources by triaging cyber incidents; making possible an IR business model that can serve firms with low IT maturity and that does not rely on pre-existing network access.