Published by Allen Lumpkin
For maybe the first time in the history of cyber insurance, insurance carriers are truly underwriting the cyber risk of an organization. For the last 10+ years, carriers practiced cashflow underwriting to bring more cyber premium in the door, as cyber has been a very profitable line of business for them. Now underwriters are reviewing each organization’s risk characteristics and determining whether or not they will provide a cyber insurance program to a given company. Additionally, almost all insurance carriers are currently requiring supplemental ransomware applications that ask about multi-factor authentication, segmentation of data, and data backup. This accelerated hard cyber market has caught most companies off guard, and very few brokers in the industry are prepared to help their clients through these times. Data shows that most insurance carriers require higher premiums and offer reduced coverage when companies do not have critical control measures in place at the time of renewal. The average increase in the marketplace at the end of Q4 2020 was between 10% and 20% and is expected to grow throughout 2021.
You may be asking yourself, what is causing this sudden change in the cyber market? Since March of 2020, around the time that COVID-19 shut down the globe and employees began working from home, there has been a 400% increase in cyber-attacks year-over-year with an exponential increase in the cost of attacks. The shift to employees working from home has changed many organizations’ business models and created easy access points for cybercriminals to target work-from-home employees and companies that may not have had the digital infrastructure and security in place for a remote workforce. Employees are also using personal devices that have unauthorized software and may be vulnerable to bad actors.
Additionally, some employees are stressed and distracted when working from home, especially those with families and children who are learning virtually. Add to the mix the concern of contracting COVID, and cybercriminals can prey on these fears with fake internet domains, creating the perfect recipe for a cyber predator to wreak havoc on an organization. A recent article outlined that 90% of all cyber-attacks start with a phishing scam, a tactic that has increased by 6,000% since COVID-19 started in March. Ransomware demands are now often in the six- and seven-figure range, with one group outlining that the average ransomware will be in the neighborhood of $250,000 once Q4 2020 data is released. Other areas of concern are RDP compromise and software vulnerabilities.
If your organization is looking to implement a cyber program, here are some helpful steps you can take to make your company more attractive to the cyber insurance marketplace.
- Multi-factor authentication and appropriate encryption are a must. If you do not have these implemented within your organization, it will be extremely tough to secure some components of a cyber program. The most glaring deficiency of your program will be that Cyber Extortion (Ransomware) limits will most likely be sublimited or excluded entirely. With ransomware ranking as the number one cause of cyber claims today, this coverage is a must.
- Purge data and remove unauthorized users promptly. If you no longer hold the information or the old user accounts, there is nothing left to protect.
- Segregate your data. If some individuals within your organization do not need specific information, do not give them access. Only provide access to those that need the information to perform their job.
- Train your employees regularly on the different threats cybercriminals are using. There are several companies in today’s marketplace that provide an interactive learning experience for your employees – these programs will make employees more conscious of the threats that are causing the most issues to employers. Your cyber insurance carrier may also offer employee training or connect you with vendors who can conduct it at a discounted rate. Your employees are the weakest link in the cyber chain.
- Have regular conversations with your third-party IT vendor, if you use one, about their security protocols and how frequently they update their methods for fighting cybercriminals.
- Have a crisis management and/or a disaster recovery plan in place. It should be comprehensive and address all information that is pertinent to the organization. However, having one is not enough. Any employee who is instrumental in implementing the plan should know what to do in the event of a cyber incident. Thus, tabletop exercises should be conducted routinely.
- IT should not be siloed. The IT department should be working hand in hand with the C-suite to implement necessary security measures to protect the organization. There should be a top-down culture of protecting the organization and its data (both 1st-party and 3rd-party information).
These are some of the main items that underwriting is looking for when providing cyber terms and conditions during this hard market. Taking these precautionary measures will help keep your cyber insurance program premium down and provide necessary coverage in the event of a cyber-attack.
If you or your company have any questions on cyber or are in the market to add cyber liability to your insurance and risk management program, please do not hesitate to reach out to our P&J staff. We are here and happy to help you navigate the cyber insurance marketplace.