Things a Business Owner Should Know About Cybersecurity Insurance

Things a Business Owner Should Know About Cybersecurity Insurance

As a managed IT services provider (MSP), we believe that every business should carry cyber liability insurance. It’s a foundational element of a layered IT security strategy, and a critical safety net should your business experience a cybersecurity attack. Insurance companies have been offering cyber-liability policies for years but an increase in malicious activity (up 485% in 2020) has increased the number of claims made against active cyber-policies.  

Because of increasing the activity and variety of attacks, the process to apply for/renew a cyber policy has changed since the beginning of 2021. Most of the change comes in the form of IT security requirements. Insurance companies now realize that there is too much risk insuring a company not aligned with foundational IT security best practices. Businesses that can’t prove adherence to those best practices will be denied coverage. 

Below is a list of IT security protocols and changes being required of businesses working through the application/renewal process.

The applications/renewal process requires additional IT security services.  Most insurance providers will require foundational IT security practices, including:

  • Consistent application of Microsoft security patches/updates
  • Dedicated email security toolset
  • Dedicated data backup/disaster recovery solution
  • Multi-factor authentication (MFA) enabled on at least email, and potentially remote access, and administrative accounts
  • “Next-Generation Antivirus” toolset on all endpoints 
    • “Next-generation antivirus” is called Endpoint Detection & Response and is significantly more effective than traditional antivirus at preventing/recovering from ransomware attacks.
  • End-user security awareness training/testing
  • Documentation of Disaster Recovery and Incident Response plans

Other trends seen in the cyber policy application process are:

Insurance Companies are lowering coverage limits for some industries.  In higher-risk industries, insurers reduce their risk by lowering coverage limits and placing lower payout amounts on ransomware. 

Premiums are continuing to increase. Insurance premiums rose between 10% and 30% through the second half of 2020 and will continue to rise through 2021 and into 2022.

Expanding elements of a cyber-liability policy. Cyber insurance is designed to protect your company from primary risks such as network security/privacy liability, network business interruption, media liability, and errors and omissions. The best policy for your business will contain elements of the above items and should provide customized protection. Consult an expert!  

Certain industries are requiring businesses to have a cyber policy to engage in bids.  In many industries where outside contractors are bidding on projects, outside contractors are required to carry certain cyber coverage amounts. This forces businesses to implement foundational IT security measures to be insured, before bidding on projects.  

The result is that cyber insurance has advanced from a very niche risk-transfer tool into a critical requirement for businesses of all shapes and sizes to mitigate risk.  

Not all cyber policies are created equal, so having an insurance broker trained in the nuance of this line of insurance can be a valuable partnership for any business. If you are trying to prepare your business to be insured or enhance your IT security, Connecting Point can help you implement critical IT security services and partner with your business to better prepare and cover for these new practices.  

Learn more and get support from the IT experts by contacting us today.