Cyber Insurance Requirements: Timely Considerations for CFOs
Today’s cyber insurance requirements are leaving many organizational leaders, including CFOs, contemplating the benefits of pursuing or renewing coverage. But in a threat-heavy environment, the realization that you need coverage is more easily reached than developing the plan needed to procure it.
The cyber insurance market has warped dramatically in just the last few years. Even as recently as five years ago the process for acquiring or renewing coverage was a relatively simple one. While reducing the process to one question — ’Do you have anti-virus?’ — was an oversimplification, it wasn’t too far removed from the truth. That’s no longer the case.
As the demand for coverage increased, due to the prevalence of cyber attacks and data breaches, many carriers found their tolerance for risk greatly reduced. Underwriters now actively attempt to mitigate potential losses from cyber-related claims with much more strict requirements. The handful of questions used to set up a policy have been replaced by extensive applications and questionnaires. Businesses now have to show substantial proof they’re adhering to security best practices and implement proper protocol to reduce risk.
All of this means it’s more expensive and difficult than ever to acquire cyber insurance, or even renew a policy. For instance, the average price for cyber insurance rose 79% in the US during Q2 of 2022 alone. Let’s go over the causes of the hardened market for cyber insurance, what financial decision-makers need to consider in pursuing coverage, and how Inversion6 can help.
Different Space, Different Solutions: Operational technology is interconnected with IT systems like never before. Learn what it takes to improve your OT cybersecurity process.
Ransomware Upends the Cyber Insurance Market
For cyber insurance, the single biggest disruptor has been the rise of ransomware. In the last five years, business losses related to cyber attacks have grown substantially as digitalization spread across the globe. More organizations saw the need for cyber insurance and purchased coverage.
But with the additional coverage, cyber criminals now had more targets with identifiable price points (policy payouts) attached. The raw number of ransomware attacks rose, and the average asking price of a ransomware attack also skyrocketed. Insurers, who were eager to sell coverage but had not enforced standards in security, were left paying out more in claims than the industry could support without drastic changes.
The current market is reflecting that change. Insurers have elevated the security requirements for those seeking cyber insurance policies and limited the overall amount they would cover in the event of an incident. Costs have increased, cyber insurance requirements have increased, additional components like co-insurance have entered the market, and ultimately there’s now a chance insurance coverage will be denied if a business can not meet certain standards.
Fallout From Increased Cyber Insurance Requirements
The pushback from insurance companies is felt by businesses trying to obtain or extend coverage in several ways:
The process to get cyber insurance is longer, harder, and more expensive than ever
Specific elements of a security plan need to be place to gain coverage
The likelihood of policy denial is a very real possibility
This has left many CFOs and other decision-makers judging the worth of cyber insurance against the cost and resources required to acquire it. Every case and business is unique. The cost to implement the security practices needed to meet cyber insurance requirements will depend on an organization’s already ongoing risk-management program and profile.
Some industries, such as those dealing in energy or other infrastructure sectors, may find it more difficult to obtain coverage due to perceived vulnerabilities in legacy systems.
Before deciding to pass on cyber insurance, however, organization leaders should consider the following:
Cyber Insurance Requirements are Foundational
The tools, processes, and protocol insurers are asking for are not cutting-edge solutions. Most are nuts-and-bolts components, like multi-factor authentication and off-site backups, that businesses have heard about for a while and easily obtainable.
It Cost Less Than the AlternativeWhile expensive, the cost of insurance is still far less than the average price of a ransomware demand or the potential catastrophic damage that a not-covered event can have on a business.
It’s Another Tool in Your ArsenalCyber insurance is another risk-management tool in your overall security profile. With it, you’re not wholly responsible if the worst happens. You’re transferring a portion of your financial risk with the acquisition of coverage.
Do THIS Before Lining Up Cyber Insurance: Minimizing risk needs to happen well before you put a policy in place. Learn about the first step for coverage here.
Navigate Cyber Insurance Requirements with Inversion6
Inversion6 has the experience and practical expertise to help businesses make sense of the current cyber insurance market, install foundational security elements to ensure coverage renewals, and highlight incoming changes to keep you informed.
We help you assess where your profile may be lacking regarding current cyber insurance requirements and develop a plan to follow through on implementation. Our experts guide and inform you along the way, whether you’re six months out from the renewal process, or facing a final crunch to get coverage lined up.
Remember, time is critical. With renewals not guaranteed in the current environment every business is advised to get in front of this process as soon as possible to ensure time to meet new standards or figure out alternatives.
Connect with Inversion6 today to learn how we can help you meet new cyber insurance requirements.