The Cyber Insurance Crunch: Two Big Mistakes to Avoid 

Do you have car insurance? Of course, you do! And you probably feel very confident about why you need it and how to get it. 

So, what about cyber insurance? How do you feel about that? Maybe not quite so confident? Let’s look at some significant issues related to cyber insurance, and help you get on track. 

First of all, it’s crunch time in the cyber insurance market right now. That’s because cyber insurance carriers are: 

  • Setting increasingly stringent conditions for coverage 

  • Charging prohibitively high premiums if you don’t meet their premier underwriting standards 

  • Declining to renew—or even cancelling—coverage for under-qualified policyholders 

Several factors are driving the cyber insurance crunch—and even causing some carriers to get out of the market altogether. These factors include: 

  • 73% of businesses getting hit by ransomware over the past two years 

  • The average cost of a data breach increasing 15% in the last three years 

  • Only 23% of businesses having a true incident response plan in place 

Another factor is the commercialization of cybercrime on the Dark Web. Criminals no longer have to be technically sophisticated to launch attacks. Instead, they simply purchase ransomware and other attacks “as a service” from cybercrime wholesalers, which means an increase in attacks. 

To make matters even worse, state actors such as North Korea and Russia are escalating their malicious cyberactivity as well. This means even greater issues for your organization. 

So, your organization is already under tremendous pressure. Now consider the fact that you’re deploying more technology, storing more data, doing more business online, and letting more employees work from home. Do you know what that means? Yep, your exposure to attacks and the potential financial impact of those attacks have increased. 

That’s why carriers are making policyholders pay more and requiring them to be far more diligent about cybersecurity. 

So, here’s the bottom line: If you want cyber insurance coverage that’s reasonably affordable, you’ve got to get your act together. That’s right. You need a clear vision and a plan for your organization’s cybersecurity. 


Two mistakes to avoid

Unfortunately, small businesses make two big mistakes when they shop for cyber insurance coverage:  

  • Mistake #1 is assuming that basic security is sufficient to qualify for coverage. It isn’t. Everybody has a firewall and antivirus. Those are table stakes. Insurance carriers demand more. A lot more.  

  • Mistake #2 is believing you’re a safe bet for carriers simply because you’re a relatively small business. Actually, insurance carriers see smaller companies as bigger risks (proportionally speaking) precisely because they typically underinvest in cyber defense. 

And insurance carriers are justified on both counts. In fact, their underwriting departments have hard empirical evidence indicating that 1) “good enough” isn’t good enough anymore and 2) small companies can be riskier to insure than large corporations. 


Impress, don’t stress

So, how can you qualify for the cyber insurance you need, and how do you get the best coverage at the best price? 

First and foremost, you must prepare in advance to answer carriers’ underwriting questions affirmatively and with confidence. Those questions will likely include: 

  • Have you rigorously implemented multi-factor authentication? Is it fully enforced? 

  • How often do you do backups? How do you make sure they’ll really work in a crisis? 

  • What firewall do you use? Is it up-to-date and optimally configured? 

  • What are your endpoint protections? Can you prove they’re running on every device? 

  • Do you have a true breach response plan? Have you tested it with tabletop exercises? 

  • How do you manage access permissions? How do you revoke them when an employee leaves your company? 

  • Do you regularly perform penetration tests? 

  • Do you have a data loss prevention (DLP) mechanism in place? 

These are just some of the questions carriers ask. There are more. And, ideally, you want to give the right answers when the carrier first asks them rather than having to go back and remediate shortfalls after you get caught short in your initial underwriting review. 

“Do I even need cyber insurance?” 

Of course, you do. Insurance is an integral component of any risk management strategy. That’s why you take out insurance policies on your car, your home, your health, and even your life. 

You don’t want to get into a car crash. So, you drive safely. But you also transfer the financial risk associated with a crash to an auto insurance carrier. 

The same is true of your business. You don’t want to get hacked. So, you implement cybersecurity. But you still transfer the financial risk of getting hacked to a cyber insurance carrier. 

Unfortunately, getting cyber insurance coverage isn’t nearly as easy as getting car insurance. That’s why it’s essential to up your insurability game ASAP. 

Need help? 

If you want help preparing for your engagement with a cyber insurance carrier, think about engaging with [your company]. We understand today’s carrier requirements, and we can help bring your program up to carriers’ current standards. 

And remember: The investment you make in raising your program up to your carrier’s standards won’t only pay off in better coverage at a better price. It will also materially reduce your business risk. 

To learn more about how your company can help you qualify for optimal cyber insurance coverage, reach out to us at info@vcsomagazine.com. 

 

 
