We’ve had a lot of conversations with clients recently that were trying to get covered with Cyber Security Insurance for the first time or going through a renewal. Claims paid out by cyber insurance companies have gone up significantly in the last few years because of ransomware, phishing, and other threats.
Insurance companies are getting stricter about required security requirements and will deny your application if adequate security measures are not in place. Without proper security measures, businesses can expect renewal premiums to skyrocket if you can get approved at all.
Guidance From Insurance Professionals
To help our clients best secure their networks and get the most value out of both the security solutions and the cyber insurance policy we reached out to insurance professionals. They provided the below chart as guidance as what underwriters consider essential protections.
Like all insurance products cyber security insurance looks at risk to determine premium prices. The more layers of network security you have in place the lower risk you are to an insurance provider. This can translate into savings on your premiums. High risk policies are being rejected by most carriers at this time because of the number and size of claims they’ve received over the last few years.
The “sweet spot” for most of our clients in terms of security and premiums seems to be satisfying all the red and amber requirements on the above chart. This helps to keep premiums reasonable while offering excellent protection from threats.
Why You Should Get Cyber Security Insurance Coverage
A recent article from Nerdwallet offered some sound advice on why you need coverage.
“Cybersecurity insurance protects businesses against financial losses caused by cyber incidents, including data breaches and theft, system hacking, ransomware extortion payments and denial of service. For small businesses that store sensitive information online or on a computer, this coverage could prove useful.
Among small businesses with fewer than 250 employees, the average reported cyberattack cost was about $25,600, according to a 2021 report from Hiscox, an insurance provider. That amount could be enough to shutter some small firms.
“Cybercrime is very opportunistic,” says Nathan Little, vice president of digital forensics and incident response for Tetra Defense, a cyber risk management company that assists insurers and companies in preventing and recovering from cyberattacks. “Every company, no matter what the size, is an opportunity for a cybercriminal to make some kind of money.” He adds that hackers often programmatically look for targets and attack small firms because of certain vulnerabilities, not because they’re set on attacking a specific company.”
i.t.NOW works with each client to ensure they have the right security solutions in place and can connect you with insurance experts that know the cyber security space. They can advise on the coverages that will best fit your business needs. Each carrier has it’s pros and cons, and slightly different requirements for security. Solutions frequently requested by insurance carriers include the following
- Multifactor Authentication on email, and any external network access such as VPN or Remote Desktop Gateway servers.
- Offsite Backups
- Endpoint Detection and Response
- Employee Cyber Security Training
- Email Filtering
- Privileged Access Management or PAM
- Inventory and Decommissioning of all End-of-Life Hardware and Software
- Written Cyber Security Guidelines and Incident Response Plan
There are others that might end up on that list based on your specific carrier or risk profile. Carriers commonly request these solutions. They also offer a good level of protection.
With a little preparation and the right partner, qualifying for cyber security insurance doesn’t have to be difficult. i.t.NOW has security experts that can help you implement the right solutions to protect your business and allow you to get the best deal on your premiums. Feel free to reach out with any questions you have, and we’ll be happy to assist.
i.t.NOW is not an insurance company. We do not sell insurance. i.t.NOW’s goal is to protect our clients from risk and threats. We will always refer you to an insurance professional for policy specific questions and coverage information.