How can cyber insurers build muscle to tackle privacy risks?

How can cyber insurers build muscle to tackle privacy risks?

A leading voice on privacy is urging those who do business online, and those who insure them, to address the threats before they materialize.

Jeremy Barnett (pictured), Chief Commercial Officer at LOKKER, knows that data protection threats are increasing and that insurers can play a key role in helping their customers comply with new data protection laws.

Five states (California, Utah, Colorado, Virginia, and Connecticut) have enacted consumer privacy laws in their respective territories. And the House Energy and Commerce Committee has been holding privacy hearings to try to shape a possible federal privacy law that would bring the issue more attention.

Insurers are also paying more attention to the issue, especially as the recent spate of class action lawsuits and regulatory action hits their cyber books.

Cyber ​​underwriting to address privacy risks

“Cyber ​​insurance applications can be updated to include some key questions about applicant awareness and privacy compliance,” suggested Barnett.

This may mean answering key questions about applying for cyber insurance, such as:

  • Do you have a data protection officer?
  • Do you use a consent manager platform/cookie consent on your website?
  • Do they have tools to monitor/manage 3rd party applications on their web properties?

“Just as insurers have evolved cyber underwriting with smart tools,” Barnett noted, “new insurance technology is available to help teams assess privacy risk.”

Privacy Risk Management

Cyber ​​insurers have integrated innovative tools and advisory services to help their policyholders stay ahead of cyber threats. Whether through partner law firms offering incident response planning or proprietary security monitoring tools, cyber risk management is evolving from MGAs and traditional network operators.

“The ‘table exercise’ has proven valuable time and time again for companies of all sizes,” said Barnett.

“To address emerging privacy risks, transportation companies and their policyholders should conduct a privacy tabletop exercise and create a privacy incident response plan to complement the broader cyber tabletop and incident response plan,” said Barnett. “The GC, the privacy team, the IT and marketing teams need to understand the privacy risks and know how to mitigate against them.”


As plaintiffs’ attorneys are emboldened by recent class action lawsuits, state regulatory actions, and aggressive state privacy laws, cyber insurers are faced with a spate of new privacy-related claims. Updated training on privacy regulations and compliance requirements is needed to help teams stay ahead of privacy risks. New privacy insurtech technology will help underwriters as well as claims teams. “With better information about a policyholder’s website, privacy threats can be identified and mitigated,” Barnett noted. “The Defense Council and claims handlers need better information to challenge plaintiff’s attorneys alleging that customer data was disclosed or shared.”

The best defense is a good attack – be proactive when it comes to managing privacy risks.

“A key benefit of cyber insurance for a policyholder is access to state-of-the-art tools to help prevent an incident,” Barnett said. “For privacy risks, carriers should offer their insured tools that can mitigate online privacy threats.

Many new companies, including LOKKER, are developing tools to help insurers insure data protection risks with greater intelligence and equip claims teams with advanced technology to monitor and mitigate these threats.

You can find more information about LOKKER at