By: Cindy Klatt, CIC, CRM, CWCA, President of Kemmons Wilson Insurance Group
Is your cyber insurance policy up for renewal? Are you interested in purchasing cyber insurance? It’s time to be proactive! Cyber insurance carriers are upping the ante by calling for enhanced cybersecurity measures and prompting total transparency from clients seeking cyber coverage. Some carriers won’t even consider offering coverage unless you have had the proper security measures in place for at least 3 months.
Why are cyber insurance underwriting regulations tightening?
Because it is no longer a question of IF you will be breached, but WHEN. Cyber insurance is simply more important now than ever. Last year’s remote-working boom increased many organizations’ exposure to cybercrime and led to an uptick in data breaches and ransomware attacks around the world. Victimized organizations leaned on their cyber insurance carriers to bail them out. Under these circumstances, carriers elected to reassess their cyber insurance policies and procedures.
For years, applications for cyber coverage only requested a moderate level of information about the client’s IT procedures and cybersecurity practices. Cybercrime is now the third biggest risk to businesses worldwide right behind business interruption and pandemic outbreak. As cybercrime evolves into an inevitable and detrimental threat, cyber insurance carriers are requiring insureds have sufficient cybersecurity practices in place.
Leading cybersecurity company Crowdstrike said it best in a recent white paper: “Cyber insurance is not a substitute for cybersecurity.” The white paper emphasized that “if an insured wishes to maintain its cyber insurance, it is going to have to prove that it has implemented enhanced levels of security controls to detect and respond to today’s sophisticated cyberattacks.”
What cybersecurity practices do organizations need to have in place?
Organizations can no longer get by with cursory answers and minimal details about their IT operations. First of all, many carriers are requiring a multifunction security appliance (MSA) or a multi-factor authentication process (MFA). Without one of those pieces in place, some have decided to pass on providing quotes or opting to non-renew current policies. Now, some carriers will provide coverage without these security measures, but the insured will be paying more for their policy. Even with the proper security measures in place, most clients will see an increase in pricing given the current cyber landscape.
Secondly, insurance carriers are pressing for more visibility into the insured’s entire IT environment. Understandably, they want to see how their IT structure operates and the risks they face as well as the steps they are taking to protect their network and prevent cyberattacks and breaches.
Crowdstrike reported, “Drastic times call for drastic measures, and insurance carriers across the board have started to introduce sublimits, coinsurance, stricter exclusions and substantial increases in premium rates, along with higher levels of due diligence and scrutiny during the underwriting process.”
Of course, implementing enhanced levels of cybersecurity does not only benefit cyber insurance carriers. With these cybersecurity practices in place, the insured client proactively reduces their exposure to cyberattacks.
Let’s work together
As you can see, the cyber insurance renewal process is no joke, and it cannot be completed overnight. The renewal process will involve your IT officer or third party IT provider, C-suite executives, and representatives from your insurance carrier. When the correct parties are connected, the process begins. With our cyber security insurance partners, we will walk you through the entire process. We advise beginning the process a minimum of 120 days before your policy renewal, if not sooner.
Contact your Experts in the Unexpected
Kemmons Wilson Insurance Group is here to help you assess the cyber risk your business faces and tailor a cyber insurance policy that puts preventative measures in place and mitigates the consequences of a cyberattack. Contact us today to begin the cyber insurance renewal process.