“There was a ransomware victim every 10 seconds in 2020.” “Malware increased by 358% in 2020.” “Nearly 80% of senior IT leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020.” With cyber incidents on the rise, insurance carriers are responding accordingly. Here’s what to expect and what you can do to best position your organization when shopping for cyber policies.
The cyber insurance marketplace looks very different today than in recent years.
Due to increased cyber incidents and claims, all of the following have become more common:
- Carriers not offering certain classes of cyber coverage
- Premium increases starting at 20%
- Sub-limits and co-insurance on ransomware claims
- Lower limits
- Underwriters unwilling to extend – or short extensions with restrictive terms
However, there are steps you can take to avoid some of these problems and improve your positioning to underwriters.
Implement cybersecurity measures and reduce your risk.
Most carriers require minimum controls if you want to obtain or renew a cyber policy. Without these measures, your organization has a much higher cyber risk level. Here are three of the most common cyber security measures often required:
- Backups
  - All company files and data should have at least one backup, if not two. Offsite is even better.
  - Why it’s important: Regular and frequent backups mean that, in the event of a ransomware attack, your organization can choose not to pay the ransom and be up and running sooner.
- Multi-Factor Authentication (MFA)
  - You are probably familiar with this security method that verifies a user’s identity by requiring more than a password, such as a text verification code.
  - Why it’s important: Users often re-use passwords. Once a password has been compromised in one breach, fraudsters are often able to access other accounts with the same password. When a hacker gains access to your email, they can use that to reset other account passwords.
- Endpoint Detection and Response (EDR)
  - Like Next Generation Antivirus software, EDR relies on artificial intelligence, data analytics, and machine learning. The difference is that EDR works in nearly real time and at a network level. It protects all endpoints, not just a single device.
  - Why it’s important: EDR provides real-time protection for all devices connected to a network. Without other security measures, it only takes one wrong click on one device to launch a cyber attack on an organization’s entire network.
If you are thinking about obtaining a cyber policy or have an upcoming renewal, plan ahead. Implementing these measures ahead of time will help you obtain the coverage you need at the best price possible. Reducing your organization’s risk profile can help reduce your premiums. That’s true for other coverage as well, not just cyber.
Figure out your cyber risk level – and continue to monitor it.
Underwriters want to see that an organization is serious about cyber security. They want to see that you are taking action to reduce your risk profile. The first step to reducing your risk level is finding out what it actually is. Once you know where you stand, you can figure out which areas to spend your resources on to make the biggest impact. Something like the free Cyber IQRM we offer is a good place to start. The Cyber IQRM is a 20-question cyber liability assessment you take online. Though you receive your score right away, a risk consultant will reach out with a full report based on your responses. If underwriters know that you regularly monitor your cyber risk, you are more likely to get better premiums.
As organizations become savvier with cyber security and beef up their protection measures, we hope to see a turn toward positive trends in the cyber insurance marketplace.