In the not-too-distant past, getting a cyber insurance policy meant filling out a form, answering a few questions, and deciding what level of coverage you wanted. That is no longer the case. Qualifying for a cyber insurance policy today is more likely to be a tedious process that requires significant due diligence by the issuer.
Increases in cybercrime, data breaches, and ransomware attacks have insurance providers taking a closer look before issuing or renewing policies. With multimillion-dollar payouts being more commonplace, many insurers are now more cautious. As a result, several major providers have stopped issuing new cyber insurance renewals, while others have reduced liability rates at the same time they are significantly increasing rates.
Why You Need Cyber Insurance
For most companies, it’s not a matter of if you’ll be the target of a cyberattack, but when. According to the FBI, there are more than 4,000 ransomware attacks targeting businesses every day. The Identity Theft Resource Center (ITRC) 2021 Annual Data Breach Report revealed that ransomware-related breaches have doubled in the past two years.
Many organizations think they don’t need cyber insurance because they feel their environment is secure or that they won’t be a target. Neither represents a guarantee. Even if you take appropriate measures to secure your networks and data, you still face threats from employee errors and third-party providers.
Phishing attacks remain the top method of deployment for malicious payloads. All it takes is one employee clicking on the wrong link to launch an attack from inside your network.
Third-Party Provider Vulnerabilities
The fastest growing category of cyber attack is from third-party providers and digital supply chains. Some of the biggest breaches over the past two years have been the result of attacks on other companies that served as third-party providers. Your network is only as secure as the connections you have.
Preparing for Your Cyber Insurance Renewal
There are proactive measures you can take to help obtain cyber liability coverage and cyber insurance renewals.
Your first step should be to get a free Cyber Security Insurance Risk Assessment to evaluate your risk potential and readiness. This can help you see where additional security measures may be needed to meet the requirements for cyber insurance.
You should also start your preparation early to make sure you have your systems locked down. Expect a rigorous review, so it helps to have the answers to the questions you’ll be asked.
Here’s a short checklist of what insurers will likely want to see before issuing a cyber insurance renewal:
- Multifactor authentication
- Endpoint security with managed detection and response
- Backups and Disaster Recovery
- Privileged access management
- Email and web filtering
- Formal patch management
- Cyber incident response planning
- Vulnerability assessment, including third-party risk assessment
- Employee security awareness training
- Remote desktop protocol (RDP) mitigation
- Real-time network monitoring
- End-of-life systems replaced or protected
- Supply chain risk mitigation
In the year ahead, you can expect cyber insurance renewals to require more reporting and due diligence on behalf of insurance providers. By taking proactive security measures, you can harden your systems and be better prepared.
The experts at TPx can help you prepare for your cyber insurance renewal by proactively implementing recommended cybersecurity solutions. Reach out to a TPx representative to learn more about our cybersecurity offerings.