Cyberattacks have become commonplace in the business landscape. Cyber insurance is more important than ever, but many don't understand how much coverage they need, what is covered, and how the claims process works.
Knowing these essentials is crucial to keeping your business safe and ensuring that you are prepared for whatever may come! Let's take a look at how to keep your premiums down while also meeting the required standards for your insurance policy.
This blog is an excerpt of a recent webinar.
Don't want to read the article? Watch the full recording below.
Be sure to register here for the "Cybersecurity for Business Leaders" Lunch & Learn series!
Understand Your Policy
Knowing what you need from your current or future cyber insurance broker is important. Here are some key things to look for.
Compare Policy Options and Requirements
When it comes to cyber insurance, it pays to shop around. Take a look at each provider's cybersecurity requirements, and see if you're able to match them. Sometimes more thorough policies require standards that your business simply isn't able to reach without a complete overhaul of your infrastructure. Be realistic.
Insurance forms of all kinds can be difficult to understand. We always recommend reviewing documents with a qualified legal professional BEFORE signing a contract. Review what is and/or isn't covered. Prepare yourself before your policy goes into effect.
Note the Claims Filing Process
Also take note of the claims filing process. This can get very complicated and detailed very quickly. If any steps or data are missing, your claim could be denied. Simple steps, such as using an incorrect form can cost you your claim.
Cyber Insurance Premiums and Deductibles
All providers have a minimum premium based on the type of insurance they provide. Many will offer discounts based on you meeting specific requirements to lower cybersecurity risk. Also, cyber insurance deductibles are typically very high to prevent small events from becoming a claim. Knowing the specifics of your policy will help you make informed decisions about whether or not to file a claim in the future.
Plan Ahead for Your Cyber Insurance Renewal
Unlike traditional business insurance, cyber insurance covers damages and liability expenses caused by cyberattacks.
If your business has a cyber insurance policy, it's critical that you take steps to renew without any gaps in coverage. Insurers will review your security measures during renewal and ensure you take all the necessary steps to protect your assets. If you're not prepared, the process can be very stressful.
You could face a costly premium increase and/or a denial of cyber coverage.
That’s why you should start the process early and plan to make changes to improve your approval chances. In addition, you should be prepared to answer questions about your security processes.
Your insurance agent can help you understand what's included in your policy and what isn't. They can also point you to additional resources that can help you mitigate your risk.
For example, they might suggest that you invest in a cybersecurity risk assessment to better understand your readiness for a cyber insurance renewal. The assessment will provide you with a score that can help you determine where you may need to focus your security efforts.
Another option is to engage with a managed services provider with an experienced cybersecurity team to evaluate your security maturity and prepare you to meet the standards for cyber insurance. Some companies even offer self-led assessments that give you a score and allow you to see where gaps exist in your cyber security program.
This is an ideal way to measure your security maturity and see where your company can improve. It can also help you see where insurers require more from your organization and how they might treat your application if it doesn't meet the requirements.
Once you've completed the assessment, it's time to work with your risk manager or insurance broker to discuss the best ways to update your security practices and mitigate your insurance risks.
This conversation should be started at least 90 days before your cyber insurance policy expires.
Engage Your Cyber Insurance Broker As Early As Possible
The cyber insurance market is a constantly evolving, fast-paced environment. Premiums are increasing, and the bar for obtaining coverage is rising as insurers increasingly demand assurances that an organization is doing all it can to prevent cybersecurity incidents.
That’s why it’s important to engage your broker as early as possible to get the renewal process going… at least 6 months before, if possible. This will allow you and your team plenty of time to plan and prepare comprehensive submission materials highlighting your investments in security and improvements from the prior year.
Engaging early in this process will also help your broker identify and address potential pitfalls or issues before they occur, minimizing the risk of surprise non-renewal during renewal. Your broker can work with you to prepare submission materials, including financial statements, detailed data on PII and revenue, and the specific security controls your organization has to mitigate or avoid a cyber event.
In addition, your broker might be able to help identify and address gaps in your current security posture that can improve your cyber insurance rating and provide recommendations and market comparisons that will allow you to evaluate your risk in a more objective way and ensure that your risk appetite is properly defined as a business so that your organization can secure the appropriate level of coverage.
The cyber insurance market is constantly changing, so engaging your broker early in the renewal process will help ensure that you’re getting the most out of your insurance purchase. Begin by making sure you are able to meet the requirements for cyber insurance, and then work with your broker to implement the rest of the process to ensure you get the right coverage for your business.
Review Your Cybersecurity Risk
During a cyber insurance renewal, it is important to review your risk. This will help you understand what the premiums are likely to be and how you can minimize any increase. In addition, it is also essential to have a strong understanding of the policy terms and exclusions that could affect your coverage.
Depending on the size and scope of your business, insurers will place you in a risk tier, which can be low, medium, or high. For example, a large organization with a significant amount of data and a higher annual revenue will generally be deemed to be a more risky company than a small, micro business.
Insurers will also consider whether your business has a mature cybersecurity program in place that is capable of preventing an attack. They will want evidence that your business has adopted cybersecurity best practices, including these baseline requirements for insurance approval:
- Regular updates of software and security systems to ensure that they're up-to-date and able to detect the latest threats.
- Enforcement of strong password policies, including requiring employees to use and change complex passwords regularly.
- Mandatory employee training on cybersecurity best practices that includes recognizing and avoiding phishing scams and other cyberattacks.
- Regular data backups and storage securely in off-site locations to ensure you can recover it during a cyberattack or other disaster.
- Implementation of multi-factor authentication that provides an additional layer of security for sensitive systems and data.
- Implementation of penetration testing, which simulates real-world cyberattacks and uncovers weaknesses that might otherwise go unnoticed, so you can prioritize and address these weaknesses before they can be exploited.
- Conducting regular security audits to identify potential vulnerabilities and address them before they can be exploited by cybercriminals.
These are all critical security measures that can be implemented before your cyber liability policy renewal to ensure you have the protection you need and keep your costs down. If your business doesn’t meet the latest standards, you may be ineligible for coverage, even if you had previously obtained it.
Review Your Cyber Insurance Policy
As cyber threats continue to grow, insurance companies are adding new requirements that many businesses may not be prepared for. These requirements can increase your premiums and/or prevent your company from maintaining coverage.
With this in mind, we encourage you to examine your cyber policy before you renew it-closely. This will help ensure that your business is protected and that you have the best possible outcome if a cyber incident occurs.
- First, ensure your cybersecurity insurance policy includes a robust definition of the risks it covers. This is essential to ensure your business is covered in a data breach, ransomware attack, or any other cyber incident.
- Next, make sure you have the right level of coverage to suit your needs and budget. This is when you want to speak with your current broker or another licensed insurance broker to review the various policy options available, including what is considered acceptable risk and the cost of your coverage.
- Lastly, review any exclusions that apply to your company. These can include a requirement to implement certain cybersecurity controls or a lack of coverage for events outside your control (e.g., human error).
If you do not meet these requirements or are unwilling to comply, your business may not qualify for these policies or even get a quote.
Another important consideration is that your insurance company will almost certainly reference data privacy laws during renewal. These laws protect consumer privacy and can levy significant liability if you suffer a data breach.
That’s why it’s critical to make sure that you understand the data privacy laws in your area and those applicable to your industry. Often, insurers will provide supplemental resources to assist you in meeting these requirements.
If you need assistance, speak to your insurance broker about how to prepare for your next cyber insurance renewal. They can provide recommendations on how to best manage this critical step in the process and provide insight into the best policies to purchase for your company.
Look For Ways To Keep Your Cyber Insurance Premiums Down
So you and your business have done the hard work necessary to meet the qualifications for cyber insurance…but the premiums still take a sizable bite out of your budget. In that case, consider one (or more) of the following strategies to keep the cost of your cyber insurance premiums down to a manageable rate.
Consider Bundling Policies
Bundling policies like cyber and general liability insurance can reduce costs. Insurers often offer discounts for bundling policies, and it can simplify the insurance purchasing process. Businesses should review their policies and identify areas where costs can be reduced, such as by increasing deductibles or reducing coverage limits. Obtaining quotes from multiple insurers to ensure the best deal is also important.
Consider Higher Deductibles
Increasing deductibles can help reduce premiums, but businesses should ensure that the deductible is not so high that it becomes a financial burden in a cyber incident. Careful consideration should be given to the organization's financial situation when choosing a deductible.
Review Coverage Limits
Businesses should review their coverage limits to align with their cyber risks. Coverage limits that are too low can leave the organization vulnerable, while coverage limits that are too high can lead to unnecessarily high premiums. Finding the right balance is key.
Reviewing the policy's exclusions is important to ensure the organization's specific risks are covered. Unnecessary exclusions may limit coverage in the event of a cyber incident.
Review Third-Party Contracts
Businesses should review their third-party contracts to ensure that they include cybersecurity provisions and indemnification clauses. This can reduce costs by transferring cyber risks to third parties.
By implementing these strategies, your business can ensure adequate cyber insurance coverage while keeping their premiums affordable.
By taking the above steps, businesses can reduce their cyber premiums and ensure they have the insurance coverage they need during a cyber attack.
Cyber insurance is a must-have for businesses of all sizes; supply chains, customers and partners demand it. Consider it a "cost of doing business" in the digital age. But by being proactive and taking the steps above, you will do everything you can to keep your data safe and your costs as low as possible.