Get ready for upcoming changes to cyber insurance policies. Due to risk associated with the increase in remote work, insurers are more likely to initiate in-depth cybersecurity risk analyses of companies seeking to purchase or renew policies, the Wall Street Journal reports. The adoption of stringent privacy regulations in the United States and abroad could also justify additional scrutiny by insurance companies during the initial underwriting and renewal process.
Companies may soon feel the impacts of this additional focus in their pocketbooks. Aon PLC warned policyholders to expect premiums to increase substantially—by at least 20 percent and possibly as high as 50 percent in 2022.
Additionally, experts predict that insurers may implement stricter indemnity limitations, refuse to fully pay out claims (especially those associated with ransomware), and even decline to renew policies for certain organizations.
What to Expect for Cyber Insurance Moving Forward
While cyber insurance can prove critical in helping an organization recover from an attack, it is not designed to replace proactive security operations. That means that businesses should prioritize prevention and risk mitigation to avoid an attack that triggers a cyber insurance claim.
To convince potential insurers to extend coverage, risk owners, such as CROs, CFOs, and other executives, must work with IT and cybersecurity teams to mitigate risk and present a proactive and compelling case regarding the organization's efforts to maintain and improve its security posture.
In addition to helping secure coverage, organizations with more comprehensive security operations in place may see their efforts rewarded with lower premiums. While the available discounts vary by carrier, efforts to bolster cybersecurity foundations will likely earn reduced premiums or better coverage as well as more comprehensive policies. Efforts could include:
- Multi-factor authentication
- Regular risk assessments
- Security awareness training
- 24x7 monitoring, detection, and response for cyber threats
Be Strategic, Cautious, and Determined
Working with insurance companies that offer cyber insurance demands a savvy approach to presenting your existing cybersecurity capabilities.
As part of their efforts to improve the profitability and management of cyber insurance policies, many insurers use a laundry list of security buzzwords to describe their expectations related to cybersecurity. This is where security operations experts can help. They can provide guidance on which capabilities are new and required—and which ones you may already have but refer to using different terminology.
Be sure to proceed with caution and be wary if your insurance company fails to conduct a security assessment, either during the initial underwriting process or during the subsequent renewal process. A cyber insurer that doesn't account for an organization's risk profile may lack a deep understanding of cybersecurity in general—and may not be a supportive partner in the event of an incident.
We also recommend that you staff your security program with suitably qualified professionals. And you’ll need to ensure that the team has processes prepared to mitigate the impact of risks where and when they occur. This step is critical in protecting the organization and earning and maintaining the confidence of an insurance company.
What’s more, it pays to shop around—especially as the insurance industry continues to reinvent its approach to cyber insurance. Set aside time to gather and compare policies and premiums. Don't overlook trusted industry experts, including cybersecurity firms that work with insurance companies as preferred partners who can help you understand the coverage you need to prepare for a security incident. It might also make sense to work with a cyber insurance broker, ideally one with experience helping companies in your industry purchase coverage.
If you're looking for more information on which policy makes sense for your organization, The Cyber Insurance Buyer’s Guide will help you understand the changes to the cyber insurance marketplace.
Choose Your Partners Wisely
While the insurance industry wrestles with how best to insure cyber risk, premiums will continue to increase, and the amount of coverage offered may decrease or require greater cybersecurity investment by organizations that wish to establish and retain a policy.
In addition to traditional cyber insurance policies, the security partners you select may offer additional coverage from existing vendors. For example, Arctic Wolf offers service assurance, which includes up to $1 million in additional coverage for customers that implement comprehensive security operations solutions.
As the cyber insurance marketplace evolves, organizations should select insurers carefully. The true test of the relationship will come in the event of a claim, of course, but taking the above considerations into account will increase the chances that the relationship will be as strong as it needs to be should an unfortunate incident arise.
For further info on upcoming changes in the insurance market, view our webinar The State of the Cyber Insurance Market and learn:
- Why insurers are rethinking cyber coverage and claims in the wake of increasingly aggressive cyber attacks.
- Why businesses are likely to see their cyber insurance premiums increase, or even see some cybersecurity coverage dropped entirely.
- Why leaders should consider risks and mitigation strategies as they assess their readiness and liability when it comes to breaches or attacks.