Cyber Liability Insurance – IT Security Requirements are Increasing

With the rise of ransomware and increasing automated bot attacks the need for cyber liability insurance has never been higher than right now.  Business owners often underestimate the cost of a breach or outage due to an attack.  Having the right Cyber Liability insurance in place can help protect your business if you qualify.

Security through Obscurity

Many small and medium business owners seem to think that only large organizations are targets for cyber-attacks.  This is mostly because the media jumps to cover attacks on large brands with big numbers attached to them, but you don’t hear much about breaches on small businesses.

Attackers use automated bots and scanning tools to comb the internet looking for a particular vulnerability.  Once found they execute an attack to gain entrance to the network.  The attacker takes it from there and can then run ransomware, viruses, or simply use your computing resources for their own nefarious purposes without your knowledge.

Small and medium businesses need to be vigilant about their network security to prevent these attacks.  Gone are the days of using hope as an IT security strategy.  Without the right solutions in place your business will get breached.  Even with all the right solutions in place there is STILL a possibility of breach.

Preparedness Matters

Take the time first to put the right solutions in place for IT security.  This will give you peace of mind knowing that there is a level of protection on your network.  Then investigate getting cyber liability insurance.

The guys at Woodruff Sawyer gave some good advice on how to prepare here.

Increased Requirements

The last few years have had a significant increase in cyber-attacks, and an accompanying claims for those that were lucky enough to have cyber liability insurance.  This has caused insurance companies to take a hard look at how they are writing their policies and who they are insuring.

The cyber insurance market is undergoing a massive shift as premiums have increased upwards of 50%, according to infosec experts and vendors, with some quotes jumping closer to 100%.

The increase in demand and payouts has made underwriters take a hard look at the application process for cyber liability insurance.  Many insurance companies have tightened the restrictions on who they will insure, policy limits etc.  They’re also requiring companies to have at least basic protections in place.  If they are specifically trying to protect against ransomware many insurance companies are requiring specific solutions to protect against it such as EDR (Endpoint Detection and Response).

Woodruff Sawyer gave us a good list of the typical asks from underwriters when putting a new cyber security policy in place.

            “We’ve seen many of our key cyber insurers implement at least one or a combination of the following to get more details and better understanding on a company’s due diligence process:

  1. Requiring a ransomware supplemental questionnaire, asking specific ransomware threat-related questions around backups and recovery, multi-factor authentication, vendor management, email security, employee training, and other network protections.
  2. Requiring a network business interruption supplemental questionnaire, asking specific questions around business continuity plans, incident response plans, and restoration and recovery procedures.
  3. Asking specific questions around measures taken to prepare for compliance with all applicable industry and privacy regulations, and tracking legislative developments.”

If a company’s answers are not favorable, they may not be able to get a policy at all.  Alternatively, the insurer may limit the scope of coverage, set a lower policy limit, or charge a higher premium.

How to get the best deal

Like all insurance, the premium will vary based on the perceived risk on the part of the insurance company.  They’re going to do their due diligence and have you answer a detailed questionnaire on your current cyber security stance. 

To get the best coverage and lowest premium you want to appear very low risk to the insurance company.  This typically means ensuring strong firewalls with perimeter protection, multi factor authentication, endpoint protection, encryption, and more.  If you can show that you’ve proactively put security solutions in place, you’ll not only enjoy the benefits of better security.  You’ll also be able to qualify for and get the best deal on cyber liability insurance.

We can uncomplicate it

i.t.NOW has helped a bunch of companies to put quality cyber security solutions in place.  We’ve also helped a bunch of our clients to answer all the questions and get through the underwriting process.  We work hard to make it a simple, hands-off process for our clients, and can help you get the best deal on your cyber liability coverage.  Call us today for a free security evaluation!