The severity of cyberattacks continues to escalate, and businesses are being hit harder than ever. Cybercriminals are constantly evolving, which means that organizations must continue to advance and stay up to date in order to protect their business and employees.
Cyber Insurance Becomes More Difficult and Costly to Obtain
Cybercrime and the costs associated with it continue to rise, and it’s becoming much more difficult and costly for companies to obtain insurance policies that could reduce their financial risks. Price increases are being driven by greater demand for coverage and the heightened risk that businesses are facing. According to the Marsh Global Insurance Market Index, cyber insurance prices continue to rise, reaching 79% in the second quarter of 2022 after doubling in each of the previous two quarters.
Given the circumstances, obtaining coverage for your business isn’t as easy as it used to be. Insurers are requiring more in-depth information from businesses regarding their cybersecurity policies and procedures. If your business lacks a strong cybersecurity posture, you can expect to see steady price increases in premiums and renewals, limited coverage, and even denial of coverage entirely.
Doug Kreitzberg, CEO and Founder of SeedPod Cyber, gives his insight into what carriers are looking for.
“Cyber insurance protects your business from a compromise of your system, typically due to some type of malicious or accidental action (e.g., data breach, ransomware, phishing attacks).
What are carriers looking for?
- Business stability – How long have you been in business?
- Types and volumes of data – Do you have a lot of sensitive or valuable data or financial transactions?
- Governance – How does your organization view risk? Do you have a cybersecurity policy? Do you have an individual that oversees security?
- Industry – Healthcare and financial services, and often retail, are considered riskier by carriers.
- Revenue size – Typically, revenue size is where the rating begins from the carrier standpoint. The greater the revenue, the larger the base rate will be.
- Technical Controls – A longer list of questions that are trying to find out what you have within your environment regarding cybersecurity and if you are doing the right things to keep your systems as secure as possible.
One important thing to note: When submitting an application, be sure to answer as truthfully as you can. Talk to your IT department and ask your carrier or broker if you’re unsure about something.
A great example of why this is important is the Travelers vs. ICS case. An insured company had stated they had Multi-Factor Authentication (MFA) over all sensitive data and assets. In reality, they only had MFA on one type of asset, which was the firewall. The carrier, Travelers, when presented with the claim, decided to rescind the policy – meaning if they had known what the insured actually had in place, they would not have issued the policy in the first place. This is a perfect example of why you need to answer questions truthfully and reach out for help on your application if you need it.”
How To Improve Your Cybersecurity Posture
Cybercriminals are constantly evolving, which means your organization’s security processes and procedures need to as well. A strong cybersecurity posture is extremely important in order to obtain cyber insurance and protect your organization.
Bill Goldin, Director of Cybersecurity and Risk Management at Lloyd Group, covers the top five essentials to improve your cybersecurity posture.
“Cyber insurance companies are paying a lot more attention to who they insure and what services they must protect themselves from in the ever-evolving cyber landscape. Here are the top five essentials you must have to set your company up for success when applying for cyber insurance.
- Have a written information security policy – Having a written information security policy shows that your company takes cybersecurity seriously and that you have a different level of maturity when it comes to cyber.
- Email security – Insurers are checking to make sure you have proper email protocols like DMARC, DKIM, and SPF set up correctly. Security awareness and email phishing training are a must!
- Identity Management – Use Multi-Factor Authentication (MFA) for everything, don’t use local admin accounts for regular users, and ensure you are implementing strong password policies.
- Security Products and Services – Having an Endpoint Protection Platform (EPP) is a must now. Insurers are looking for EPP, which combines Endpoint Detection & Response (EDR) and next-generation AV solutions.
- Backup and Resilience – Ensure your organization has offsite backups and plans that are tested. They will be asking if you have run a tabletop exercise.”
For more information, check out our recent webinar featuring Bill and Doug: Cyber Insurance Essentials for Today’s Market.
At Lloyd, we focus on creating continuously evolving security policies and programs to give you the confidence that comes from knowing your business is always secure.
Contact us to learn more about our cybersecurity and risk assessment offerings to determine your current security posture and how you can increase your resilience against cyber threats.