Is your cyber insurance policy up for renewal in the coming months?
If so, you need to be aware of the changes that have occurred in the marketplace over the past year, a year with a record number of security incidents and claims paid out.
This is a very challenging market for insurance carriers.
Premiums are going up dramatically for many companies, with increases often ranging from 30-50% or much more. Higher deductibles, limits on ransomware coverage, coinsurance and supplemental applications are among the other requirements insurance companies are putting in place. And in some cases, carriers are not renewing policies at all.
Writing about the forecast for ransomware attacks in 2022, one commentator recently phrased it as “we’re all screwed.” Yet the cost of a breach would likely far exceed the cost of the higher premiums and of implementing additional security measures. That cost could be the business itself.
What steps do you need to take to retain your coverage and minimize a premium increase?
We’re hearing from our clients and insurers about some of the newer renewal requirements depending on the nature of your business:
Multi-factor Authentication (MFA)
MFA is no longer required only for access to your network; carriers now expect it across every surface that may be exposed while accessing it: remote work, privileged accounts within the network, and all cloud and SaaS-based applications. If it’s possible and feasible, do it.
Endpoint Detection & Response (EDR)
This is designed to continuously monitor end-user devices to detect and respond to cyber threats.
Managed Detection & Response (MDR)
This is more expansive than EDR. It’s designed to cover the total network environment, including 24/7 SOC (Security Operations Center) monitoring and scanning for open ports.
Regular Updates and Patches
Do you have a documented cadence of these occurring on a timely basis? With the speed and volume of new threats increasing, installing patches and updates as they become available reduces your exposure.
Secured Backups and Recovery
Carriers want businesses to have current backups stored in a separate, secured location that requires MFA for access, along with a solid disaster recovery plan to minimize any potential downtime.
Tested Incident Response Plan
In the event your business is attacked, carriers want to know you have a documented incident response plan in place. This includes how you will coordinate your actions with your insurance carrier, IT provider, legal counsel, public relations and your customers.
Remove End-of-Life Software
Software applications that are no longer supported by the publisher represent a significant vulnerability. Do you have a process to remove those from your network and endpoints as soon as they reach EOL status?
Dark Web Monitoring
You want to know if your company’s proprietary information is accessible to bad actors.
Most security incidents are caused by human behavior. A recent report by the Ponemon Institute on insider threats (i.e., your employees) indicated that while 26% of incidents were a result of inside criminal activity, the remaining 74% were the result of employee negligence or theft of their login credentials.
Therefore, regular employee training to identify possible security threats is essential. Simulated phishing campaigns are one effective method of training employees to be more skeptical about what they click, and they also give the company a gauge of the overall effectiveness of its training.
Exposure to High-Profile Vulnerabilities
Underwriters are asking their clients whether they were exposed to previous high-profile threats such as SolarWinds, Microsoft Exchange Marauder or the Windows Print Spooler vulnerabilities. If the answer is yes, they will want details of the mitigations taken and of how the client checked whether its environment had been compromised.
Vendor Supply Chains
This has become increasingly important because many companies are exposed to threats through their vendor partners. Your IT partner is a key vendor in your own supply chain: do you know what measures it takes to ensure its own security?
Start Preparing for Renewal Now
The list above should indicate the time to start preparing for renewal is now. Work with your insurance agent to begin the application process to determine how you stack up to these more stringent requirements.
This assessment alone may take several months. Implementing the required changes may take another 4-8 weeks, whether you do it internally or through your IT provider at some additional cost. Yet those costs may be offset by a reduction in premiums, or may decide whether you can maintain coverage at all.
We have heard from clients and insurers that some carriers are open to extending coverages anywhere from 30-90 days to complete the actions that would bring a company into the carrier’s compliance requirements.
Finally, work closely with your IT provider and bring them in as a credible technical partner to the insurance company so they can reinforce the actions you are taking. A solid IT partner will give your carrier an additional level of confidence that you are an insurable risk.