How to Reduce Your Cyber Insurance Premiums
- Ransomware increased by almost 13% – a rise as big as the last five years combined (for a total of 25% this year)
- Supply chain was responsible for 62% of System Intrusion incidents this year
- 82% of breaches involved the human element, whether it was the use of stolen credentials, phishing, misuse, or simply an error
These statistics are a fragment of the eye-popping findings in Verizon’s 2022 Data Breach Investigations Report.1 While the annual report is easy to comb over, statistic by statistic, that’s not how things happen in real life. A breach is part of a larger story – and in this case, nothing happened in a silo. Instead, there was a domino effect as the increased risk pushed cyber insurance coverage pricing through the roof. According to a report by Aon, in December 2021, E&O and cyber monthly pricing increased by 137.3% year-over-year.2
The changing threat landscape was not the only reason for the soaring prices. Other factors included:
- Growing demand for cyber insurance. Formerly, cyber insurance was an affordable commodity. Now, as prominent attacks garner attention, an increasing number of companies want insurance for peace of mind.
- Large payouts from ransomware and increasing loss ratios. Insurers have been paying more claims as ransomware attacks increase. It is common to pay roughly 73 cents for every dollar collected, forcing insurers to increase premiums to right-size the difference.3
- Poor cyber hygiene. Between human error and the cybersecurity staffing shortage, many policies, practices, and trainings are not fit for today’s intense threat landscape, leaving organizations open to attack.
- Work-from-home risks. With the sweeping shift to work from home, many companies were not prepared with security that was fit for purpose. Even as roadmaps and technology adoption have changed to bolster security in dispersed environments, there are many new entryways for bad actors to attack.
What rising premiums mean for you
With all of the factors at play, cyber insurance is harder to find than it was a year ago. And based on current trends, it’s going to get harder at a time when companies desire it most. Right now, cyber insurers need a bigger pool of capital to remain viable to address the risk of large cyber catastrophes.
With margins as tight as your uncle’s belt after a Thanksgiving feast, you’re going to have to put more work into your cybersecurity maturity. Before insurers offer or renew a policy, you will be expected to complete due diligence. They may now require a broad application of multifactor authentication (MFA), endpoint detection, multiple backups, and formal disaster recovery plans.
Even after that, you should expect less insurance protection for more money.
Take control of your premiums
While premiums are on the rise, it doesn’t mean that you have zero control over what you pay for cyber insurance. To lower premiums, business leaders must align cyber maturity efforts with cyber insurance program strategy. This includes:
1. Conducting regular security assessments and penetration tests
There is no better place to start lowering your premiums than with a security assessment and penetration test. Conducting assessments annually allows you to uncover vulnerabilities in your environment and fix them to lower risk. From an insurer’s perspective, there’s nothing better.
2. Developing/improving your security policies, procedures, and practices
Say you haven’t created a data destruction policy. That means you’re sitting on a treasure trove of sensitive data in your email just waiting to be exposed. Cyber insurers prefer a tightly controlled volume of records to access, store, and transfer. By designing and documenting security policies, procedures, and practices tailored not only to your organization but also to the changing threat landscape, you solidify your security posture against costly threats.
3. Using practices that make ransomware less effective
If we can take away the power of ransomware by using safe, clean, well-tested backups and avoid paying ransom, then that is not only better for us, it also looks more favorable to insurers. As more companies do this, insurers have fewer payouts, which lowers the cost of insurance.
4. Conducting security awareness training
Since human error is involved in the majority of cyber incidents and losses, training that CHANGES behavior is essential. We say CHANGES because many trainings are simply to tick a box, rather than a formal program designed with the student in mind.
While this list could continue on for a while, what you need to do to influence your cyber insurance premiums is unique to you. Our team knows firsthand how overwhelming it can be to know what to do for your specific organization. That’s why we work through these situations hand-in-hand with our customers to make an understandably stressful situation more manageable.
Don’t give up hope of affording cyber insurance. Instead, start here with a free, no-obligation score and customized report. Get started with your assessment.