Last week news broke of two security flaws in computer processors that affect virtually all computers, smartphones and smart devices such as televisions and refrigerators.
The first flaw, nicknamed “Meltdown,” applies specifically to Intel chips. The second flaw called “Spectre,” is more difficult for an attacker to exploit but has no available patches yet and lets attackers access the memory of devices running Intel, AMD, and ARM chips.
This article from Woodruff Sawyer & Co., an insurance and risk management company, considers the cyber insurance underwriting implications of these flaws. The article states that once a bug becomes known and a patch or solution is available, the burden shifts to the device owner to download the patch and update their device. Cyber underwriters will want to know if business owners have patched all vulnerable devices, and how long it took to do that after the patches became available.
Another area of underwriting focus will be device obsolescence. Intel has stated that the patches released to address the vulnerability will focus on devices introduced in the last five years. Since manufacturers are not motivated to keep updating old equipment, and it may be difficult for companies to ensure that their entire network is free of the vulnerability if they don’t migrate to newer machines.
The article concludes that companies that are proactive in dealing with the chip vulnerabilities will improve their cyber security – and their ability to secure good cyber insurance.