The cyber liability insurance market has soared over the last few years, as a rise in high-cost attacks has driven more companies to offset the potential cost to their organizations. Insurers have adjusted their prices accordingly, with premiums rising alongside the cost of ransomware attacks. Insurers rightly do not want to lose money, and they are doing their due diligence to investigate an organization’s cyber posture before insuring it.
The cost of your company’s cyber insurance is going to be based on a couple of factors:
- Business Size: While businesses of all sizes are vulnerable to attack, small businesses are often less organized and, as a result, have less structured cybersecurity controls. On the other hand, larger businesses carry more human risk of phishing. Larger businesses are also likely to have more remote access, more extensive networks, and more assets to be stolen.
- Type of Data: Risk will also depend on the data your organization is storing. If you’re storing a lot of highly sensitive personally identifiable information (PII), you have more at risk.
- Industry: Some industries are viewed as more vulnerable to attack than others. For instance, organizations in the healthcare industry have seen higher limits on ransomware payouts and less coverage available.
Once the insurer has assessed the risks, it will also evaluate the measures you’re taking to protect your organization from cyberattacks. Of course, both the insurer and the insured should know there is no such thing as a guarantee against attack. But if the organization applying for a policy is taking precautions that protect it, it is much more likely to be accepted and much more likely to pay lower premiums.
How to Reduce the Cost of Cyber Liability Insurance:
Establish a Risk-Aware Culture
Begin by accepting that every single employee is a risk. Invest resources and time in educating your employees about cyber risks and the measures they can take to protect themselves and the company.
Have a Robust Incident Response Plan
Putting an incident response plan (IR plan) in place is necessary for cybersecurity coverage. It’s unlikely that you will find a provider that will cover your organization if you don’t have a plan.
An incident response plan is essentially a playbook that you lean on when you suspect your organization’s network has been compromised. In the event of a data breach, response time is crucial. People need to know how to respond, whom to contact, and who needs to be notified when an incident occurs.
The main goal here is to minimize damage and get back to business as soon as possible.
Minimize Your Volume of Personally Identifiable Information (PII)
Personally Identifiable Information (PII) includes private consumer data such as social security numbers, phone numbers, names, and email addresses. If your organization experiences a data breach and this information is stolen, your company could face a litany of negative consequences ranging from a fine to a customer lawsuit. Cyber insurance companies understand that PII poses a financial risk to them: the more PII that’s taken during a data breach, the higher the cost to recover the network and recoup any damages.
Risk assessments, which are used to determine premiums, often use PII volume as a key factor. If you can reduce the amount of sensitive data your company stores, you can possibly reduce your premium.
Upgrade Hardware & Software
If your organization can periodically upgrade hardware and keep software up to date, you can ensure that security gaps are patched and that your network security doesn’t stagnate.
Software updates often include the latest security patches that can close network gaps you weren’t even aware of. While hardware upgrades can be costly, if you have a managed service provider handling your network security, you can have periodic software updates included in your contract.
Maintain Compliance with Data Regulations
Data regulations like HIPAA were created to protect the privacy of sensitive consumer data like social security numbers and payment information. While different industries prioritize following different regulations, many non-compliance penalties are similar in nature.
Organizations are often motivated to follow these regulations out of a fear of receiving fines, yet they can also benefit from a lower cyber insurance premium. Maintaining compliance with data regulations shows your insurer that your organization is dedicated to protecting consumer data and securing your network, which could help in acquiring a lower premium.
These regulations are updated often, so it’s important to follow industry leaders to stay up to date on any changes that your business should be aware of. Consider quarterly reviews of your cybersecurity protocols in order to find room for improvement.
Main Factors Affecting Cyber Liability Insurance Premiums
Beyond the factors listed above, we’ve compiled a quick punch list of some of the most important factors affecting cyber liability insurance premiums.
- Multi-Factor Authentication
- Email authentication
- Disable open RDP port(s)
- Discontinue unsupported software (OS & Applications)
- Define admin privileges & use separate IDs
- Designated CIO function
- Penetration testing
- Network assessment including Vulnerability Scanning
- Employee Awareness Testing & Training
- Policies and procedures
- Number of records at risk
Kyber Security | CT Cybersecurity Experts
Don’t get caught off guard. See your organization from an attacker’s perspective. Kyber Security can conduct a comprehensive cyber insurance and controls preparedness assessment to evaluate vulnerabilities.
Here’s What You Can Expect From an Assessment:
- Understand your organization’s gaps with core controls associated with cyber liability insurance premiums
- Obtain immediately actionable information for how you can better secure your organization
- Learn how you can improve the overall cybersecurity posture of your organization