Some of the more recent, important changes in the cyber insurance marketplace include:
- Reduced capacity: Insurance carriers are not comfortable with giving as much coverage, because they know there is a higher probability of having to pay out that amount.
- Rate increases: We are seeing a 25 percent to 100 percent increase in rates to account for higher, more frequent losses.
- Underwriting scrutiny: Underwriters have gone from asking very little about an organization to basically wanting to be a part of your IT team. They are asking more questions about controls, and if they deem you high risk, they may not offer you coverage.
Simply applying for cyber insurance has become more involved. Insurance companies have enhanced their application questionnaires to understand whether a company is at risk for ransomware and various other types of cyberattacks. Carriers use these yes/no questionnaires to score applicants and set insurance rates, as well as determine whether they will offer a policy at all.
These questionnaires are a critical part of the insurance process, and you need to fill them out as accurately and completely as possible to ensure you don’t compromise your rates or eligibility for coverage. The number of “no” answers you give could disqualify you for coverage – so thorough assessment of your risks before you apply is critical.
The RSM Middle Market Business Index 2021 Cybersecurity Special Report (MMBI) found that 65 percent of respondents currently use a cyber insurance policy to protect against internet-based risks. That number has steadily risen each year, and represents a 3 percent increase from last year’s data. Similar increases were seen in the data for larger middle market organizations that carry a cyber insurance policy (71 percent), as well as their smaller counterparts (59 percent).
A cyber insurance policy is only as good as the details of the protections it offers, and the MMBI survey found that companies have an increased awareness of their coverages, which is a positive sign. In the current environment, with providers frequently making changes to coverage limits and options, you should stay in contact with your vendor and make adjustments as needed to make sure your protections meet insurer expectations and provide proper coverages.
- Assess your cybersecurity program: What is your business doing that exposes you to cybersecurity risks? How many of those risks are still evident after applying certain controls? What decisions do you need to make to address those remaining risks?
- Plan for the future: Establish a balanced program with investments focused on managing risk across key cybersecurity areas.
- Go for quick wins: For maximum impact on your coverage, make immediate adjustments such as implementing multifactor authentication on external connections, removing local admin rights, hardening email accounts, undergoing incident response exercises, and ensuring patching is up to date.
| Your local Astec dealer |
|---|
| Closner Equipment Co Inc |
In the current threat environment, cyber insurance is an imperative protective measure for middle market companies. The financial, reputational and regulatory impact that breaches often create can be extremely harmful, and a well-designed cyber insurance policy can help lessen those damages.
Taking the right steps to shore up your cybersecurity approach will show insurers that your company is taking a proactive stance against threats and reducing vulnerability against emerging risks – better positioning you to keep your policy in effect, and save money.
