Cyber insurance: Elusive. Expensive. Essential.
Worried about whether you can meet rapidly changing cyber insurance requirements? You’re not alone. But there are steps you can take to help secure (and afford) protection.
It’s a vicious, painful cycle: inadequate security measures leave organizations vulnerable to cyber crimes, most notably ransomware and phishing attacks. The frequency and severity of attacks make cyber insurance harder to qualify for, more expensive, and more restrictive. And that in turn can leave organizations without crucial coverage needed to protect their financial and customer data, intellectual property, and reputation.
The good news? Organizations can take proactive, strategic steps to meet the more demanding coverage requirements and lower cyber insurance costs. The other good news? These steps are best practices designed to advance an organization’s security stance.
The devastating toll of cybercrime
The far-reaching impact of cyberattacks cannot be overstated. They’re a threat to organizations of all shapes and sizes, spanning the business and industrial landscape. They also result in millions in payouts – and they’re on the rise.
Here are a few statistics to help put this unsettling issue into perspective:
- 54% of organizations have experienced a cyberattack in the last 12 months
- The use of stolen credentials was the top attack method in more than 40% of data breaches in 2022
- More than 80% of organizations experienced at least one successful phishing attack in 2021
- The average cost of a data breach in 2022 was $4.35 million ($10+ million in healthcare)
This alarming picture is driving demand for cyber insurance in an environment where both carriers and their prospective customers have an enhanced need to lower risk and financial exposure. And while cyber insurance was much easier to secure and afford just a few years ago, the prohibitive cost and disruption of cyberattacks have moved the goal posts. Not surprisingly, all of that has created pain points for security leaders, including frustration with ever-changing coverage requirements, as well as limited budgeting, staffing, and time to address these shifting needs.
Cyber insurance: A look behind the curtain
The troubling attack environment is putting cyber insurers in a position of greater influence and control. Contending with increasingly higher risks, they’re focused on protecting their interests when considering coverage qualifications, restrictions, and costs.
This reaction by insurers is being felt on several fronts, including:
- Insurance providers have significantly raised premiums – 79% from Q1 2022 to Q2 2022
- 27% of data breach insurance claims were not paid due to a policy exclusion
- 70% of organizations with cyber insurance have a separate policy for ransomware
The bottom line is that insurers are requiring strong proof that an organization’s data is secure, and they’re now applying more stringent criteria. They want to know that proactive plans are in place to prevent, detect, and respond to cyber threats. And there’s obviously a lot at stake: failing to meet these requirements can result in actions including policy cancellations, tighter coverage limitations, higher premiums, denial of claim payment, or even failure to qualify for coverage.
No longer a routine exercise consisting of a handful of standard application questions, the underwriting process is now complex and time-consuming, and it requires significant preparedness and perseverance. The application is now much more detailed, and typically leads to multiple follow-ups so underwriters can better understand the business environment and current security measures.
Security controls and best practices
So, what exactly gets underwriters excited? Which security measures will successfully propel you through the underwriting criteria gauntlet? An organization’s ability to check the “Yes” boxes requires specific security controls driven by best practices. It’s a question of which ones you have in place, and which are missing.
The security control gold standard for insurers involves a comprehensive platform of integrated digital identity solutions that enable, control, and monitor user access. Specific solutions that help organizations satisfy cyber insurance demands for more stringent security controls include:
- Multifactor authentication for on-premises and remote network access
- Privileged account management for internal and external users
- Eliminating the use of generic accounts on shared endpoints
- Terminating user access rights as part of the employee exit process
- Enforcing stricter password policies
As part of this coverage pursuit, keep two points in mind that affect operational and cost efficiency. First, careful planning is key: to avoid scrambling, organizations should review their policies well in advance of their renewal date so they have time to research, evaluate, and purchase the new technologies needed to meet changing underwriting requirements. Second, it’s beneficial to consider the improved efficiencies of a single-vendor solution, including a reduced total cost of ownership, a more limited potential attack surface, and simplified ongoing solution management.
While the alarming frequency and severity of cyberattacks have created a devastating new reality, careful planning and strategic action can help minimize risk, disruption, and financial exposure. A proactive security approach can go a long way to deliver important protection, including vital cyber insurance coverage. And it can help security leaders sleep better at night.