- BTI Group
Cybersecurity Insurance Policies and their Complications

When you acquire a cybersecurity liability insurance policy, things can get risky. Transferring the responsibility to a third party is a very popular response mechanism. It tends to be applied when businesses feel that they don’t have the necessary knowledge, resources, or equipment to mitigate or eliminate cyber threats.
Cybersecurity liability insurance typically covers expenses that an organization incurs as a direct result of a cybersecurity attack. Examples include:
- Associated legal fees
- Digital forensic services
- Negotiation of ransom payment to bad actors
- Incident response and recovery services
- Restoration of systems and applications
- Public relations services
- Breach notification and credit monitoring services
This coverage can be very enticing to executives because the cost of these insurance policies is reasonable. They often think of it as a weight off their shoulders.
According to Fitch Ratings, the cybersecurity insurance market grew 22% in 2020. The same report found that the average paid loss for a cybersecurity claim grew from $145k in 2019 to $359k in 2020. Insurance carriers are more than happy with the growth in the industry but recognize that financing efforts need to be more stringent. What does this mean for your organization? It means that transferring cybersecurity risk is about to get very expensive.
Cybersecurity insurance will continue to be an option for organizations looking to transfer security liability. However, insurance carriers are going to be more particular about their funding processes.
What Should I Expect if I Want a Cybersecurity Insurance Policy?
1. Increased Investigation
These financiers are going to investigate your organization more deeply. They will also demand stronger cybersecurity controls from their applicants. Some examples of the specific information that organizations will have to provide are:
- Written information security plans, incident response plans, and disaster recovery plans.
- Formal cybersecurity awareness programs.
- Strict access controls.
- Data backup strategies.
- Adoption of Endpoint Detection and Response (EDR) software.
- Current operating systems and firmware applications that are patched regularly.