Beazley and Chubb join Munich Re in “risk protection program”

Google Cloud has added two new insurance partners to a “risk protection program” (RPP) that lets customers share cloud security posture data directly from their cloud environment with participating cyber insurers.

Beazley and Chubb this week joined long-standing Google partner Munich Re in the RPP, promising policy holders “forensics, ransomware negotiators, data recovery, PR and legal expertise” if they suffer a breach.

Google Cloud said today that it has also onboarded Munich Re Specialty and its SMB-focused subsidiary HSB to the programme. (Munich Re was a founding partner  in 2021.) It has also expanded coverage of the RPP to 30 EMEA countries including the UK, Ireland, and Israel, the hyperscaler said. 

The programme’s expansion comes at a tough time for cyber insurance providers.

New member Chubb warned in late 2024, for example, that:

“The increasing frequency and severity of such cyber events is pressuring insurers’ attritional loss ratios, while systemic exposures with catastrophic potential grow ever more pervasive…
[Most of the industry is] lowering capacity, increasing rates, and making industry- or coverage-specific underwriting adjustments. While Chubb is taking similar actions, we are also drawing upon our decades of experience and significantly larger business scale to focus on the bigger-picture issue of systemic exposures.”

Google is positioning itself at the centre of this space via two key portals:

  1. A “Cyber Insurance Hub, provided by Google: This tool enables a quick assessment of your risk posture across Google Cloud and facilitates a streamlined process for procuring cyber insurance.”
  2. “Tailored Cyber Insurance Policies, provided by partners: These are available through a modern, low-friction underwriting process, and use data submitted by customers [for] personalized pricing…”

(Those seeking to explore cyber insurance could do worse than to review some of the preliminary questions that Chubb asks prior to a quote, spanning remote access, MFA, and backups; e.g. on the latter, does your organisation have “immutable or Write Once Read Many (WORM) protections; completely Offline or Air-gapped Segmentation from the rest of your network; access to backups restricted via separate Privileged Accounts that are not connected to your standard Active Directory…” etc.)

Monica Shokrai, Head of Business Risk and Insurance at Google Cloud, commented today: “The cyber insurance market is still maturing, particularly with regards to how metrics are used to assess risk. 

“Many CISOs we talk to are frustrated by the insurance procurement process, often feeling like the questions being asked on insurance applications don’t accurately assess their risk, despite insurers investing in continuously improving their process. There’s also a general concern that cyber insurers can’t yet adequately price cyber insurance as a whole, which can contribute to market swings and concerns over rising rates…”

She added: “With our expanded Risk Protection Program, we’re working hand-in-hand with insurers to change that. By combining real-time cloud security insights with insurer expertise, we can improve risk visibility, enable smarter underwriting - and ultimately, offer broader and more affordable protection to our customers.”

The RPP expansion highlights a drive to tie full coverage of a business' cloud security to Google Cloud, coming shortly after a the $32 billion acquisition of Israeli cloud security company Wiz and a $5.4 billion purchase of threat intelligence business Mandiant in 2022.

AI Insurance?

This drive is also evident in the additional benefits offered by Beazley, Chubb, and existing partner Munich Re, which include access to Mandiant Intelligence as well as “AI insurance” and post-quantum protections.

The “Affirmative AI insurance” now included in the RPP builds on both Google’s 2023 AI indemnification commitment and a growing interest in comprehensive coverage of the cybersecurity risks associated with AI use.

Without going into much detail, Google said the “explicit” coverage for Google-related AI workloads “provides clarity and reduces uncertainty around the unique risk associated with generative AI.”

Meanwhile, customers with Chubb will also gain "quantum exploit insurance coverage" as they're encouraged to "foster preparedness" for potential attacks and security challenges from future quantum computing advancements.

Other benefits allow “qualified Google Cloud digital native customers” opting for Beazley insurance to skip a full insurance application in favour of a single-page attestation.

The programme is part of Google’s “shared fate” approach to security, it said, an idea loosely tying Google Cloud’s security responsibilities to customer best practice. For example, it provides “secure policy hierarchies”, cloud users just then have to implement them properly.

The RPP is not totally unique to Google though, AWS offers a similar “Cyber Insurance Competency” programme for users to share their security posture with an approved list of insurers, though these partnerships don’t explicitly appear to include any additional benefits.

The link has been copied!