Partnering with a technology consultant can help your organization end up with the best protection.
Cyber liability insurance coverage is a still-evolving landscape. A lot is changing, including the types of cybersecurity measures required for an insurer to cover an organization. In 2023, many insurers require Multi-Factor Authentication (MFA), Endpoint Detection and Response (EDR), and Security Information and Event Management (SEIM). This is a step up from the coverage requirements we saw for our clients even just 12 months ago.
According to an April 2022 report from Fitch Ratings, cyber insurance accounts for less than 1% of the total insurance market but premiums grew 74% in 2021, significantly higher growth than other insurance types like property and casualty which are experiencing single-digit growth. This is partly due to rising “loss costs” and litigation stemming from cyberattacks and partly due to increased cybersecurity requirements like MFA, EDR, multiple backups, and disaster recovery.
In April 2023 Fitch Ratings reported that rate increases for cyber renewal premiums have slowed but remain significant – +50% in 2022 vs. 2021. The number of cyber coverage policies increased by over 50% in 2022, despite the higher costs.
Here we’ll cover why partnering with an IT consultant can result in the best policy for your organization.
Not every cyber liability policy is created equally
Researching requirements and compiling an in-depth understanding of all the data your organization collects can be difficult for a single person to manage. It’s easy to overlook nuance and finer details. A consultant can build a detailed picture of the entire organization’s landscape so that everything gets covered adequately.
There is no one-size-fits-all from the perspective of legislative requirements on the data your company collects and holds. It is important to find a policy that will protect your specific industry. Why is industry-specific so important? According to Bloomberg, disagreements over insurance coverage have led to litigation brought by both the policyholder and the policy provider because of the misunderstanding of standard business liability coverage when it comes to data breaches.
Standard business liability policies do not protect against losses due to data breaches. A cybersecurity-specific policy can provide a wide array of coverage, including third-party indemnification, data breach notification, network security audit coverage, defense costs, remediation assistance, credit monitoring, and breach containment. If your organization has made a significant investment in IT infrastructure, it’s important to have protections in place for that investment.
Breaches, and their targets, are changing
Breaches from social engineering, phishing, denial-of-service attacks, and patch problems are on the rise. Most notably, the rise of SI and machine learning (such as ChatGPT) will create new opportunities for exploitation and advanced attacks. Cyber liability insurance policies can cover all manner of breach-fallout including remediation assistance, third-party indemnification, credit monitoring, breach containment, crisis management, regulatory fines, and more.
Industries targeted by hackers aren’t necessarily what you’d think. According to the Check Point Security Report (2023), Healthcare attacks increased 74% year over year, but Education and Research remain the most heavily targeted sectors.
This same report from Check Point calls out the weaponization of legitimate tools that became a trend in 2022 and has continued into 2023. This sophisticated strategy has targeted Microsoft, Apple, Google, and others. This is yet another example of how the ever-changing landscape of cybersecurity forces security providers and insurance companies alike to be nimble.
The cyber liability insurance landscape continues to change
According to the global insurance firm, Marsh, an increase in new cyber insurance buyers is beginning to offset some of the higher premiums and rising claims, allowing prices to begin to moderate for many industries. In 2021, 50% of Marsh’s U.S. clients had purchased standalone cyber insurance, almost double the 26% of clients in 2016.
In addition, there are a number of smaller, less-known cyber insurance providers that are popping up. A consultant can help vet those policies to confirm the coverage is right for your organization and that cost savings won’t leave you vulnerable. To be eligible for lower rates, Marsh requires their clients to have a mastery of cybersecurity basics.
A technology consultant will work with your team to complete the cyber insurance application and subsequent annual renewal forms. These applications are becoming more complex as the cybersecurity landscape evolves. The process starts with building a current inventory of your cybersecurity tools, data, and resources and ends with guiding you through the application process. You’ll be best positioned to evaluate offerings from various providers to confirm your organization is covered completely and cost-effectively.
In conclusion, there’s a lot to unpack when selecting coverage that fits your organization. Cyber liability insurance is not a one-size-fits-all solution for every organization. It’s important to take a partner to make sure your custom solution is right. To learn more about how GadellNet
Consulting can help your organization find and select the right cyber insurance policy for you, reach out to your Account Manager, Strategic Consultant or contact us today.