{"id":6757,"date":"2024-12-30T09:00:00","date_gmt":"2024-12-30T15:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cyber-risk\/get-most-out-cyber-insurance"},"modified":"2024-12-30T09:00:00","modified_gmt":"2024-12-30T15:00:00","slug":"how-to-get-the-most-out-of-cyber-insurance","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/30\/how-to-get-the-most-out-of-cyber-insurance\/","title":{"rendered":"How to Get the Most Out of Cyber Insurance"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

Cybersecurity insurance is the <\/span>fastest-growing segment of the global insurance market<\/a><\/span>, and there’s a good reason for that. Cybersecurity has become one of the most critical requirements for organizations of all types \u2014 from small business to large corporation \u2014 as cyber threats remain constant. <\/span><\/p>\n

Unsurprisingly, cyber-insurance rates increased substantially from 2018 to 2022. Though overall cyber-insurance premiums began to decrease in 2023, many organizations are still seeing their rates rise.<\/span><\/p>\n

Costs Are Increasing \u2014 for Those Able to Get Insured<\/h2>\n

The cyber-insurance industry is maturing just as quickly <\/span>as cyber threats are growing in quantity, scale, and sophistication<\/a><\/span>. As payouts and annual premiums increase, coverage limits are becoming more restrictive.<\/span><\/p>\n

In a 2023 survey<\/a><\/span> of US organizations, “79% saw insurance costs increase, with 67% facing an increase of 50-100%.” Smaller companies, with fewer than 250 employees, were more likely to be denied coverage than large businesses (28% versus 8%). The primary reason small businesses were rejected was their lack of security protocols.<\/span><\/p>\n

The good news is that the work you do to strengthen your organization’s overall security posture and identity hygiene is also the work that will satisfy many of the compliance requirements underwriters are looking for \u2014 resulting in better security protections and better insurance coverage and premiums.<\/span><\/p>\n

Tips to Ensure Affordable Cybersecurity Protection<\/h2>\n

Self-assess:<\/span><\/span> To help with the process, proactively self-assess your risk profile and ask yourself the hard questions before the underwriters do. Conduct a thorough self-assessment of your current cybersecurity posture, identifying strengths and weaknesses.<\/span><\/p>\n

This process has two main benefits: <\/span><\/p>\n

\n
    \n
  1. \n
    <\/span><\/p>\n
    \n

    It gives you a clear picture of where you stand now. <\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n

  2. \n
    <\/span><\/p>\n
    \n

    It guides you to evaluate policy options that will cover your specific risks.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ol>\n<\/div>\n

    Don’t underestimate risks: <\/span><\/span>Make sure not to underestimate your company’s or industry’s risks. Everyone is vulnerable to cyberattacks, not just traditional high-risk sectors such as financial services. In recent years, we’ve seen cyber incidents across many verticals, including <\/span>healthcare<\/a><\/span>, <\/span>energy<\/a><\/span>, and <\/span>retail<\/a><\/span>.<\/span><\/p>\n

    Insurance providers categorize rates based on industry-specific risks, comparing you to your peers in the process. Understand your sector’s unique vulnerabilities \u2014 even if you haven’t had to worry about them in the past\u2014and be prepared to demonstrate how you’re addressing them. <\/span><\/p>\n

    Know your coverage limits:<\/span><\/span> That leads me to my next piece of advice \u2014 understand your coverage limits. Thoroughly review the limits, sublimits, and exclusions in your policy. Pay close attention to what the coverage provides in terms of the full scope of potential losses, including third-party liabilities and regulatory fines. You can often negotiate terms, including specific clauses and deductibles, during the process.<\/span><\/p>\n

    Not all policies are the same. Many insurance providers focus on particular verticals or demographics. They each have different views of risk and leverage a range of data points to make their decisions. Do your research on individual providers to find the best fit for your organization so regularly review your policy. The threat landscape is always changing, and the coverage you need may evolve along with it. Conduct periodic reviews of your policy well ahead of your renewal term date to make sure it is still meeting your needs.<\/span><\/p>\n

    Understand your requirements:<\/span><\/span> It’s important to pay attention to the compliance requirements. Many policies explicitly call out compliance requirements. Failing to meet these standards can result in having your claims denied. Carefully assess your policy’s requirements to verify that you are fulfilling them.<\/span><\/p>\n

    When engaging with insurance providers, be ready to show your work. Demonstrate the effectiveness of your security controls, particularly those related to identity hygiene. If you’re renewing your policy, show how you’ve matured your approach to cyber-risk since your last assessment. What tangible improvements have you made? What products are you using to automate processes?<\/span><\/p>\n

    Focus on areas that underwriters prioritize, such as privileged access management and credential protection. Quantify your progress by highlighting reductions in accounts with administrative access or new requirements for regular password updates. Providers are looking for year-over-year maturity \u2014 moving from ad hoc, manual approaches to clean, consistent, automated, and sustainable hygiene practices. Be sure that you are getting full credit for your hard work.<\/span><\/p>\n

    Conclusion<\/h2>\n

    As cyber threats continue to evolve, so must our approach to mitigating them. Bolster your cybersecurity posture in a holistic manner \u2014 self-assessing your risk profile, addressing vulnerabilities, and striving for continuous improvement \u2014 and you can better safeguard your organization against threats and control your cyber-insurance costs.<\/span><\/p>\n

    Prepare for increasingly rigorous risk assessments from providers moving forward. Underwriters now have access to extensive data about cyber threats and protections. Expect them to ask more granular questions and do deeper inspections into the efficacy of controls, especially those around identity-related risks, such as privileged access and credential theft. Anticipate their questions, and be prepared with comprehensive, up-to-date answers.<\/span><\/p>\n

    Cyber insurance should augment your cybersecurity strategy, not replace it. Prioritize implementing robust, ongoing cyber practices that protect your organization.<\/span><\/p>\n

    Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    COMMENTARY Cybersecurity insurance is the fastest-growing segment of the global insurance<\/p>\n","protected":false},"author":12,"featured_media":6758,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6757","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=1800%2C1012&ssl=1",1800,1012,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=1800%2C1012&ssl=1",1800,1012,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/how-to-get-the-most-out-of-cyber-insurance.jpg?fit=1800%2C1012&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6757"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6757\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6758"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}