Solving the Cyber Insurance Puzzle

August 17, 2022

Partnering with a technology consultant can help your organization end up with the best protection.

Cyber liability insurance is still a new landscape. And it’s changing a lot.  Right now, Multi-Factor Authentication (MFA) is the big thing.  Insurers are requiring it for coverage.  However, word on the street is that they are going to start requiring Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) protection as early as 2023.  If your organization doesn’t have these precautions in place, you could pay more in premiums. 

According to an April 2022 report from Fitch Ratings, cyber insurance accounts for less than 1% of the total insurance market but premiums grew 74% in 2021, significantly higher growth than other insurance types like property and casualty which are experiencing single-digit growth.  This is partly due to rising “loss costs” and litigation stemming from cyberattacks and partly due to increased cybersecurity requirements like MFA, EDR, multiple backups, and disaster recovery.

Here we’ll cover why partnering with an IT consultant can result in the best policy for your organization.

Not every cyber liability policy is created equally

Researching requirements and compiling an in-depth understanding of all the data an organization collects can be difficult for a single person to manage.  It’s easy to overlook nuance and finer details.  A consultant can build a detailed picture of the entire organization’s landscape so that everything gets covered adequately.

There is no one-size-fits-all from the perspective of legislative requirements on the data your company collects and holds.  It is important to find a policy that will protect your specific industry.  Why is industry-specific so important?  According to Bloomberg, disagreements over insurance coverage have led to litigation brought by both the policyholder and the policy provider because of misunderstanding of standard business liability coverage when it comes to data breaches. 

Standard business liability policies do not protect against losses due to data breaches.  A cybersecurity-specific policy can provide a wide array of coverage, including third-party indemnification, data breach notification, network security audit coverage, defense costs, remediation assistance, and credit monitoring, breach containment. If your organization has made a significant investment in IT infrastructure, it’s important to have protections in place for that investment.

Breaches, and their targets, are changing

So far, in 2022, there has been a significant uptick in ransomware.  However, breaches from social engineering, phishing, denial-of-service attacks, and patch problems are also on the rise.  Cyber liability insurance policies can cover all manner of breach-fallout including remediation assistance, third-party indemnification, credit monitoring, breach containment, crisis management, regulatory fines, and more.

Industries targeted by hackers aren’t necessarily what you’d think.  According to the Check Point Research Report (CPR) 2021, Education/Research was the sector hit the hardest by breaches – averaging over 1,600 attacks per week globally (up 75% from 2020), followed by government/military,  averaging over 1,100 per week (up 47%).  Communications averaged over 1,000 per week (up 51%).  Those industries that are top-of-mind for security risks, like Healthcare and Banking, ranked 5th and 9th, respectively, for the average weekly number of attempted attacks.

The cyber liability insurance landscape continues to change

According to the global insurance firm, Marsh, an increase in new cyber insurance buyers is beginning to offset some of the higher premiums and rising claims, allowing prices to begin to moderate for many industries.  In 2021, 50% of Marsh’s U.S. clients had purchased standalone cyber insurance, almost double the 26% of clients in 2016.

In addition, there are a number of smaller, less-known cyber insurance providers that are popping up.  A consultant can help vet those policies to confirm the coverage is right for your organization and cost savings won’t leave you vulnerable. To be eligible for lower rates, Marsh requires their clients to have a mastery of cybersecurity basics. 

A technology consultant will work with your team to complete the cyber insurance application, and subsequent annual renewal forms.  These applications are becoming more complex as the cybersecurity landscape evolves.  The process starts by building a current inventory of your cybersecurity tools, data, and resources and ends with guiding you through the application process.  Then, you’ll be best positioned to evaluate offerings from various providers to confirm your organization is covered completely and cost-effectively.

In conclusion, there’s a lot to unpack when selecting coverage that fits your organization. Cyber liability insurance is not a one-size-fits-all solution for every organization.  It’s important to take a partner to make sure your custom solution is right.  To learn more about how GadellNet Consulting can help your organization find and select the right cyber insurance policy for you, reach out to your Account Manager or contact us at sales@gadellnet.com.