Thought Leaders: What to Know About Cybersecurity Insurance

By Scott Warner - Connecting Point

As a managed IT services provider (MSP), we believe businesses should carry cyber-liability insurance. Insurance companies have offered cyber-liability policies for years, but increased malicious activity (up 485% in 2021) has come with an increase in claims.

Applying for or renewing a cyber policy now requires a business to show adherence to basic best practices, or risk being denied coverage or paying additional premiums. Below is a list of IT security protocols required of businesses working through the application/renewal process and a few additional changes a business might experience through this process.

The Application/Renewal Process

Most insurance providers will require foundational IT security practices, including:

– Consistent application of Microsoft security patches/updates

– Dedicated email security toolset

– Dedicated data backup/disaster recovery solution

– Multi-factor authentication (MFA) enabled on email, and potentially remote access, and administrative accounts

– “Next-Generation Antivirus” toolset on all endpoints

• “Next-generation antivirus” is called Endpoint Detection & Response and is significantly more effective than traditional antivirus at preventing/recovering from ransomware attacks.

– End-user security awareness training/testing

– Documentation of Disaster Recovery and Incident Response plans

Additional Trends in the Cybersecurity Process

Insurance companies lowering coverage limits for some industries. In higher-risk industries, insurers reduce their risk by lowering coverage limits and payout amounts on ransomware.

Insurance companies denying claims where companies misrepresent their alignment to required IT security protocols. There are many examples of insurance companies denying claims when a breach occurs, specifically if they uncover discrepancies between the IT security protocols the customer claimed to have and what was present during the breach/attack. This results in the insured being held completely liable for remediation and recovery.

Premiums continue to increase. Insurance premiums rose between 10% and 30% through the second half of 2020 and will continue to rise through 2022.

Expanding elements of a cyber-liability policy. Cyber insurance is designed to protect your company from primary risks such as network security/privacy liability, network business interruption, media liability and errors and omissions. The best policy for your business will contain elements of each and should be built to provide customized protection.

Certain industries are requiring businesses to have a cyber policy to engage in bids. Many industries where outside contractors are bidding on projects are now requiring contractors to carry some amount of coverage. This forces businesses to implement foundational IT security measures to be insured prior to bidding on projects.

The end result is that cyber insurance has advanced from a very niche risk-transfer tool into a critical requirement for businesses of all shapes and sizes. Not all cyber policies are created equal, so finding a qualified partner to get you the right coverage is paramount. Connecting Point is here to help. Whether you are looking to prepare your business to be insured or need to enhance your IT security posture to be covered, we will partner with your business to better prepare for and cover these and many other aspects of IT security, strategy and delivery.