Keeping your organization cyber secure and readied means procuring cyber and data insurance. So how much cyber insurance is enough, and how can you adequately protect your business and clients? Before exploring options with an insurance underwriter, you need to know that there’s no such thing as ‘enough’ and the first prerequisite to securing–and maintaining–coverage is having a solid cybersecurity program in place.

Cyber Insurance Can’t Do It All

Focusing on cyber insurance as a stop-gap to cover losses and cyberattack claims after the fact may not be the best and most effective tactic. Cyber insurance alone can’t keep you secure because it too is a moving target, just as cyber threats are fluid and magnifying up and down the supply chain.

The best plan is built around understanding there is always some level of risk. Set a goal to reduce or mitigate as best as possible to remain resilient–while using insurance coverage to recover losses.

Cyber Insurance Costs Continue to Increase

The evolution of ransomware and social engineering attacks has radically altered the landscape of cyber insurance, with premiums surging 50% in 2022. According to the credit rating agency AM Best, first-party claims in 2022 accounted for close to 75% of all cyber insurance claims on an increase in business email compromise attacks, offsetting declines in ongoing ransomware claims.

Cybersecurity insurance providers made a return to profitability amidst the evolving cyber landscape, largely by increasing policy costs and shifting to tighter underwriting requirements, among other factors. According to AM Best, direct written premiums for cyber policies have tripled in the past three years, driven by high demand.

As Risks Rise, Insurance Remains a Must

Providers are opting out of the market, raising premiums, being selective about who and what they will cover (some won’t handle government customers due to escalated risk), and requiring detailed information and a ‘prospectus’ on your cybersecurity program.

Requirements for insurance coverage are becoming ever more stringent, and underwriters are carefully examining the potential insured and making sure they have specific cybersecurity processes in place. If you have a robust cybersecurity program, you will be more prepared when seeking cyber insurance and less likely to be denied (or dropped).

Prepping for the Insurance Talk

In fact, the cybersecurity plan in place at your organization will play an important role in the types of cybersecurity insurance you are able to attain, how much it costs, and what coverage limits you’ll be afforded. We’ve developed a handy resource outlining 12 questions to ask your cyber insurance provider.

Cyber Insurance Prerequisites

Cyber insurance companies are pushing prevention by requiring basic controls, such as multifactor authentication, user awareness training, and more. Getting ready to obtain coverage takes a thoughtful strategy tied to in-house cybersecurity testing, protocols, and other programs. Some of the items you need to address as part of your comprehensive cybersecurity solution may include:

• Incident response plans
• Cybersecurity awareness training and assessments
• Policies for employees using company assets

Take a look at our cyber insurance readiness checklist to see if your organization is prepared for working with underwriters to get the right policy at the right price.

Insurance is Part of a Total Solution

Cyber insurance is a critical risk mitigation tool, but it isn’t a standalone measure and requires a thorough and complete process that starts with a solid cybersecurity program. Comprehensive cybersecurity is the best option to obtain insurance coverage and protect your organization from a cyber-attack.

Defendify delivers cybersecurity expertise and support through a single platform that includes streamlined cybersecurity assessments, testing, policies, training, detection and response in a consolidated and cost-effective solution. When it’s time to talk to an insurance provider, we’ll ensure you’re prepped and ready for a fruitful discussion.

More Resources for Cyber Insurance Readiness:

Webinar: The Perfect Storm of Cyber Insurance: How Did it Get So Complicated?
Blog: How Does Cyber Insurance Work and Where to Start?
Blog: The Cost of Operating Without Cyber Insurance