Is your organization’s cyber insurance renewal coming up soon? As ransomware attacks become more prominent, businesses need to be proactive with cyber insurance. However, due to demand, insurance costs are rising quickly; the Council of Insurance Agents & Brokers’ latest market survey indicates an 18% increase in cyber insurance renewal prices. As organizations get ready for their cyber insurance renewal, they should understand coverage areas, policies, and potential costs to minimize any increase in premiums.
Preparing for Cyber Insurance Renewal
The best time to begin preparing for cyber insurance renewal is now. First, conduct a risk assessment to ensure your business has a strong security posture. Work closely with your insurance agent to begin the renewal process and determine how your organization stacks up against more stringent requirements. Policies might change from year to year, so it’s critical to address any new changes proactively.
As for timing, some insurance carriers might be open to extending coverage for 30 to 90 days to allow extra time for a company to comply with requirements. Actual implementation can take four to eight weeks, depending on whether the business implements the changes internally or works with a credible outside technical partner.
Many insurance carriers prefer a third party like a managed services provider to implement new requirements so that businesses can leverage their expertise to implement new cybersecurity technology.
Cyber Insurance Requirements
Get ready for your cyber insurance renewal by enabling the following technology, which will help secure your business and put you in a better position for your coverage to be approved.
Multi-Factor Authentication (MFA)
As the first line of defense, you should require multi-factor authentication to access the network and any device that may be exposed while accessing it, especially for remote work, privileged accounts, and all cloud and SaaS-based applications.
Endpoint Detection and Response (EDR)
Boost your endpoint security with endpoint detection and response. EDR secures your business at the device level (for example: computers, laptops, servers, and phones), so you can detect and respond to cyber threats more efficiently.
Managed Detection and Response (MDR)
Managed Detection and Response is more expansive than EDR. While EDR is endpoint protection software, MDR is a service that protects your infrastructure with 24/7 monitoring, detection, and mitigation. Leveraging human intelligence through a security operations center (SOC) helps discover, prevent, and recover from attacks faster.
Regular Updates and Patching
Organizations should keep a documented cadence of all software and firmware updates that occur on a consistent basis. Security patches can protect your business from attacks by correcting known vulnerabilities within your software. Unfortunately, many businesses don’t stay current on their patches, resulting in possible data breaches. Patch management can help mitigate your risk, remove bugs from your system, and improve functionality.
Secured Backups and Recovery
Businesses should back up their systems regularly in a separate, secured on-site location and within the cloud. Backup solutions are critical for cyber insurance renewals because, if attacked, your business will be able to restore from its system backup rather than pay a costly ransom. Your business should also have a formalized disaster recovery plan to minimize potential downtime.
Tested Incident Response Plan
While the goal is to never experience cyberattacks, insurance carriers will want a comprehensive, documented incident response plan in place. This should include a step-by-step communication process with insurance carriers, IT providers, legal teams, public relations, and customers.
Dark Web Monitoring
Organizations should assess their company’s proprietary information and its accessibility to bad actors. Dark web monitoring looks for data located on a deep part of the internet, not accessible through normal means.
Employee Security Training
With human error being a primary reason for data breaches, regular employee security training can help educate team members about popular scams such as email phishing. Holding employee training only once or twice a year will likely not be enough. Continuous security training helps employees retain the material and use what they’ve learned in real life.
Cyber Insurance Risk Controls
In order to get the best rates, businesses should proactively assess their security practices. As successful cyberattacks continue to increase, insurance premiums will continue to go up, with requirements getting more stringent. In fact, the average amount paid out from a cyber loss claim more than doubled from 2019 to 2020, increasing from an average of $145,000 to $358,000.
Insurers will thoroughly assess an organization’s security protections during its cyber insurance renewal. The checklist below can help businesses quickly measure their situation:
- Does the business maintain a very low number of domain-administrator, user, and service accounts with disabled interactive logins?
- Does the business have tight control over open ports?
- Does the business use multi-factor authentication for all remote users and access to cloud-based services such as Microsoft Office 365? Is multi-factor authentication used for all privileged accounts?
- How often are security patches and updates applied to critical software and firmware?
- Does the business utilize Advanced Endpoint Detection and Response (EDR) protection?
- Is the network segmented?
- Are there offline or immutable data backups?
- Does the organization still utilize legacy or out-of-support systems? If yes, is strong mitigation used?
- Has the business conducted social engineering tests?
Cyber insurance premiums continue to climb, and with higher costs and more stringent due diligence from insurance carriers, proactively preparing for the renewal season is a must. Utilizing a credible IT partner like TPx will provide an additional level of confidence for both internal teams and external insurance carriers. To learn more about how you can be prepared for your upcoming cyber insurance renewal, read our helpful guide or contact a TPx representative.