How To Qualify For — And Keep — Cyber Insurance Coverage

These days, it’s common for businesses to purchase cyber insurance to help mitigate financial losses from network breaches. According to the U.S. Government Accountability Office, the proportion of businesses adding cyber coverage increased from 26% in 2016 to 47% in 2020.

But in the event of a loss, processing such claims can be expensive, and insurers are becoming more selective about the companies they agree to insure and for how much. In response to mounting losses from cyber crime, insurers are also raising premiums. If your company wants to qualify for cyber insurance at an affordable price, we recommend the following five steps:

1. Spend time with the application.  Insurers ask applicants to complete a security questionnaire to help them understand the risks facing the companies. Answering the questionnaire fully and accurately may require input from your company’s IT department and even from third-party technology companies such as your cloud computing provider. Failure to respond to a question may provide sufficient evidence for the insurer to deny coverage.
2. Revisit your security program.  The health of your cybersecurity program is a significant factor in qualifying for cyber coverage. Your organization has a better chance of getting coverage if, for example, it can demonstrate its ability to patch software, encrypt data, deploy multifactor authentication, and educate employees about cyber threats. Assess the health of your program and take steps to improve its effectiveness should deficiencies become apparent.
3. Formalize plans and policies. An effective security program depends on robust incident and disaster recovery plans. If your organization has yet to create such plans, do so before applying for cyber insurance. In addition, review and update your security-related policies. Most insurers will ask to see them.
4. Consider a third-party assessment. To uncover weaknesses before they result in a coverage denial, consider engaging a third-party security company to assess your security program. This can be particularly beneficial if you haven’t yet applied for coverage because some security firms maintain relationships with insurance companies and can help streamline the application process.
5. Prepare to be tested. Some insurers might want to test your company’s defenses via a penetration test. Before applying for cyber insurance, ready your IT network for a possible “attack.”

Even if your company already has cyber insurance, you may need to fight to keep it. Instead of renewing your policy automatically, your insurer could review your risk characteristics and drop you. With these challenges in mind, be sure to maintain and regularly upgrade your security program. Contact us for help with risk-mitigation strategies.

HoganTaylor's Technology Services

What are you doing to protect your organization from dangerous ransomware gangs? HoganTaylor has a team of experts who specialize in assessing and implementing ransomware protection, safeguarding your business from unwanted and vicious attacks. If you would like an assessment of the maturity level of your organization against these baselines, please contact us.

HoganTaylor's Technology Services include, outsourced CIO and technology solutions, cybersecurity services, and IT strategy and assessments. If your organization needs assistance in evaluating its technology strategies and goals, please contact us to have a conversation with our experienced advisors. 

INFORMATIONAL PURPOSE ONLY. This content is for informational purposes only. This content does not constitute professional advice and should not be relied upon by you or any third party, including to operate or promote your business, secure financing or capital in any form, obtain any regulatory or governmental approvals, or otherwise be used in connection with procuring services or other benefits from any entity. Before making any decision or taking any action, you should consult with professional advisors.