For any organization purchasing cyber insurance, understanding the variables that impact price and coverage is a wise investment of time. Since the Covid outbreak began, insurance rates have escalated upwards of 400%, even for companies with no prior claims. Beyond cost increases, the application process is more complex, the percentage of accepted applications has decreased, and the coverage limits have shrunk.
Looking back ten years or more since the inception of cyber insurance policies, several factors have led to these changes. Early on, policies were easy to obtain because the market was new, and claims were few and far between. With many firms willing to underwrite policies and a low percentage of claims, many companies purchased insurance in lieu of investing in security programs (people, process, and technology). The shift to work-from-home environments expanded the risk footprint and dramatically increased the number of claims filed. As one would expect, the market has changed, and understanding how to navigate it will drive the best value for any organization.
1) Implement Basic Security Program Best Practices
There is a direct link between the cost of a premium and the perceived risk of coverage. Having a basic security program in place will reduce premiums, but it also dramatically reduces the likelihood of a data breach. Entire books are written to cover defining and implementing best practice security, but there are a few key components all companies should consider.
- Awareness Training – Educate employees on how to avoid the common pitfalls of phishing and other forms of social engineering attacks.
- Multifactor Authentication – Beyond a username and password, multifactor authentication provides a third layer (texted code, fingerprint, etc.) to validate employee identity before accessing company resources.
- Ongoing Network Scanning – Scan networks inside and outside the firewall to identify software flaws (vulnerabilities) that cause 60% of data breaches.
- Security Monitoring – Like a home monitoring service, organizations can purchase or hire resources to monitor the IT infrastructure. These solutions watch for unusual behaviors, like an employee extracting large volumes of company data at 3 a.m., and generate alerts for investigation.
2) Work with a Cyber Insurance Specialist
Companies with in-depth experience in cyber insurance are invaluable assets. They provide insights on suitable coverage and ensure that evaluated options are consistent from one carrier to another. A specialist helps find the right policy at the right cost. Taras Shalay, Midwest Managing Director at Jencap, highlights the importance of this step: “Look for an agent that has dealt with cyber for at least the past ten years. Cyber is difficult to quantify and is constantly changing.”
3) Select a Policy Suited to your Business
Like any other form of insurance, cyber coverage has many options available. Not every business needs the same coverage. Liabilities for a manufacturing firm are much different from those for a healthcare provider. Evaluating coverage limits is just one piece of the equation; equally important is understanding what is required to maintain the coverage.
4) Get Competitive Bids
Despite the growing cost of obtaining insurance, competitive market conditions prevail. Requesting competitive bids is time well invested. The work completed in step 2 above will set a level playing field for competitive bids. This approach ensures the best coverage for the least amount of financial outlay.
The dynamic and costly nature of cyber insurance makes diligence a crucial part of the process. Take time to review the details and seek guidance from resources with the experience and background to streamline the process.