Article

Cyber insurance trends and best practices: An evolving landscape

July 26, 2021
#
Cybersecurity consulting Digital evolution Cybersecurity

With cybersecurity attack attempts and successful breaches surging, cyber insurance has never been more valuable to middle market companies. However, the cyber insurance landscape is changing as long-standing risks increase and new ones emerge. In the past, cyber insurance was relatively inexpensive, but the increase in attacks—especially ransomware—has drastically changed policy requirements while also increasing costs.

The current cyber insurance environment

Unfortunately, we are seeing attacks in every industry, and the financial demands are getting much higher. Criminals know that more companies are buying cyber insurance, and this has made them even bolder—if they have insight into what a policy covers, they will ask for a ransom that the insurance company will cover. The odds of a security incident having a major impact on your business have increased—this has made providers more nervous about the coverages they offer and has led to some fairly significant changes.

Some of the more recent, important changes in the cyber insurance marketplace include:

  • Reduced capacity: Insurance carriers are not comfortable with giving as much coverage, because they know there is a higher probability of having to pay out that amount.
  • Rate increases: We are seeing a 25% to 100% increase in rates to account for higher, more frequent losses.
  • Underwriting scrutiny: Underwriters have gone from asking very little about an organization to basically wanting to be a part of your IT team. They are asking more questions about controls, and if they deem you high risk, they may not offer you coverage.

Simply applying for cyber insurance has become more involved. Insurance companies have enhanced their application questionnaires to understand whether a company is at risk for ransomware and various other types of cyberattacks. Carriers use these yes/no questionnaires to score applicants and set insurance rates, as well as determine whether they will offer a policy at all.

These questionnaires are a critical part of the insurance process, and you need to fill them out as accurately and completely as possible to ensure you don’t compromise your rates or eligibility for coverage. The number of “no” answers you give could disqualify you for coverage—so thorough assessment of your risks before you apply is critical.

RSM contributors

Featured solution

Penetration testing

Identify how attackers will exploit your company’s weaknesses with PenTesting services.

Subscribe to Risk Bulletin

Our cybersecurity, risk and fraud professionals provide regular insights and regulatory compliance updates to help your organization manage risk.