by Doug Kreitzberg | October 15th 2021

Not a day goes by that we don’t hear about a ransomware attack on a company, get a letter in the mail saying our information was stolen, or hear from the accountant at the company down the street who thought they were wiring money to the CEO when it was actually a hacker impersonating the CEO. The pace of cyber-crime is increasing, and that means trouble for your business and your reputation, and trouble if you are considering buying or renewing cyber insurance coverage.

Cyber insurance typically covers what you must spend to recover from a data breach or ransomware incident, or from social engineering fraud. It also covers you against claims your customers or others may make against you if they are impacted by your incident. Notably, ransomware has exploded over the last 18 months, and its high costs (not just the ransom demand, but also the costs to recover data and the lost income) are hurting cyber insurance profitability. And when insurance companies are losing money, they do one or all of three things: raise premiums, reduce coverage, or apply stricter underwriting controls.

Whether you are looking to buy cyber insurance for the first time or are renewing, expect increasing rates and expect to be required to put extra security measures in place to qualify for coverage. Luckily, we can tell you what you need to know.

The 5 key security components insurance carriers are looking for include:

  1. Multi-Factor Authentication (MFA): MFA – where you need not only to key in a password but also to enter a code transmitted to another device, use your thumbprint, or provide some alternative means of identification – is a key way to stop hackers from taking control of your system.
  2. Endpoint Detection and Response (EDR): Hackers are getting smarter, and as they do, you need next generation EDR tools in place to quickly identify when someone is trying to get access to your system and to prevent them from infecting the entire company.
  3. Patching: Remember that red dot on your systems app telling you there is a new update to be installed? Install it. That’s what patching is, and usually patches are there to fix security flaws that the bad guys know about. If you aren’t disciplined in your patching, you are leaving yourself exposed.
  4. Backup: It is not enough to simply have a backup stored on your internal system (or even in the cloud). Carriers want to see that multiple forms of backup are being made, that at least one of those backups is stored off site, and that your team is regularly testing the backups to make sure they can be restored if needed.
  5. SPF / DKIM / DMARC: These are more than Scrabble letters. They help prevent attackers from spoofing your email address (against yourself or against others).

If Covid has taught us anything about our business, it is that we are now all digital businesses, which means increased risk. Cyber insurance can go a long way toward keeping your business going should an attack occur. But to get it, you need to have proper security solutions in place. Doing so will get you access to coverage, reduce your costs and, most importantly, maintain your reputation so you can remain competitive in this digital age.