Demand for cyber insurance, a market in which premium rates and claims act as a direct indicator of the cyber-attack landscape, has spiked. One sign of this: the share of insurance clients that opt for cyber coverage has doubled in the last few years, a direct result of the increased frequency and severity of successful attacks.
Premium rates have now caught up with demand, rising more than 79% between 2021 and the first half of 2022. Despite the large price hikes, organizations still need cyber insurance. It provides financial protection against extortion, consumer privacy liability claims, and the direct operational slowdown or shutdown that follows a data breach.
Even as insureds realize the benefits of coverage, underinsurance remains a problem. A single ransomware attack can cost an organization millions of dollars, yet most businesses are not prepared for it: fewer than 20% of insureds carry $600,000 or more in ransomware coverage limits. Even organizations with adequate limits see claim payments reduced because of poor security practices, negligence, or coverage lapses on the insured's side.
This piece provides advice to help maximize cyber insurance claims, along with guidance on ensuring full cyber insurance policy coverage.
Cyber insurance coverage gives organizations the peace of mind and support they need during and after an attack. In addition to providing businesses with an incident response team and dedicated resources,
it covers the costs of ransomware or network extortion payments, regulatory fines, lost revenue from a shutdown, and liability expenses such as legal fees, damages, or settlement costs resulting from a breach.
Cyber insurance is especially helpful when attackers steal customers' personally identifiable information (PII) and payment card data. Under first-party cyber coverage, the insurer pays the costs of investigating the event, recovering data, and remediating the incident. Depending on the policy, it also covers public relations efforts to notify customers of the incident and compensates the insured for revenue lost during a shutdown.
On top of those expenses that directly indemnify the business, the carrier will cover third-party liability costs. This includes attorney expenses, court fees, damages paid to the exposed credit card companies, and settlement or punitive damages to the
Because of the liability component, businesses often need cyber insurance to satisfy contract requirements that protect the client or prime contractor. Regardless of contract or regulatory requirements, however, businesses in all industries are now prime targets for cyber criminals and should be prepared with a robust cyber insurance policy, especially if your organization meets any of the following circumstances:
Most likely your business falls into at least one of these categories, making cyber insurance necessary. Before purchasing the coverage described above, keep in mind that cyber insurance policies and coverage vary widely and differ between carriers. Beyond ensuring that you have the right coverage for the business, what other challenges arise during procurement, and how do you address them?
Organizations purchasing cyber insurance for the first time, or looking to switch carriers, may face high premiums or denied coverage if they lack a comprehensive security program. Your organization needs a documented security program backed by both technology and management practices. Cyber insurance carriers want organizations that identify risks, protect IT and data assets, detect potential threats and anomalies, respond to confirmed incidents, and recover from events quickly to get back to normal operations (the five functions of the NIST Cybersecurity Framework).
Similarly, if your organization has prior claims or was recently the victim of a successful attack, you will need to demonstrate resilience with documented steps to prepare for and prevent another incident. It is often either a poor loss history or the absence of security controls such as endpoint detection and response (EDR) technology, an incident response plan, or multi-factor authentication (MFA) on endpoints that stands in the way of adequate coverage and full claim payouts.
Businesses renewing their current coverage can keep their insurability high and procurement simple by following an in-depth cyber insurance renewal checklist. Items on that list include using a third-party auditor to verify compliance with policy requirements, continuously improving the security program by incrementally adopting frameworks such as zero trust, and aligning policy and control requirements with the carrier's stated demands.
Today's cyber risks and threat landscape have also caused headaches for those issuing the coverage, the insurance carriers. One significant difficulty in underwriting the coverage and adjudicating cyber insurance claims is the limited historical data providers have to work with.
Relative to other risks such as natural disasters, fire, or crime, cyber incidents are a recent phenomenon compared with the hundreds of years insurance has existed. That means a smaller sample to draw on when deciding whether to underwrite coverage for a business, for how much, and how much to pay out on a claim.
Another problem is the limited general awareness of cyber risks and attack types. By the time a carrier starts to understand the key indicators of one successful attack vector, a new one becomes prominent as enterprise IT infrastructures constantly evolve and novel Internet of Things (IoT) devices are added to the mix. Cybercriminals are extraordinarily skilled at adapting quickly to new environments and exploiting system vulnerabilities.
It is important to understand that because a carrier is in the business of making money, it aims to maintain a healthy loss ratio (claims paid divided by premiums collected) by minimizing the amount paid out within the scope of the policy. Based on data collected on the top reasons cyber claim payouts get reduced, here are five steps you can take to maximize your insurance claim:
One of the main reasons payouts are reduced is poor incident-prevention controls on the insured's side. While each carrier differs in the specific controls it wants to see, most prioritize MFA for logging into network resources, strict privileged access management, regular security awareness training for employees, and anti-malware installed on all endpoints.
If cybersecurity policies and procedures are undocumented or not followed, carriers can reduce claim payments. For instance, some underwriters want to see a written incident and ransomware response plan, documentation of the insured's cybersecurity program and technology assets, and evidence that the procedures are rehearsed, for example through tabletop exercises and simulations.
Limitations on the coverage time frame reduce cyber claim payouts. Organizations must therefore stay on top of policy renewal to avoid gaps in coverage. They should also seek retroactive coverage that covers losses occurring after the policy's "retroactive date" and discovered during the policy period. This matters because intrusions are frequently discovered months after the initial compromise, so a loss may have begun well before the current policy term.
Cyber insurance claims can be reduced when a third-party vendor or contractor was at fault. As part of a robust program, vet third parties before working with them. Confirm that they have solid security practices and a cyber liability insurance policy of their own by requesting certificates of insurance (COIs).
Incidents resulting from errors and omissions (E&O) by the insured can reduce or void a claim. Keep in mind that professional liability, errors and omissions, and malpractice insurance cover businesses against negligence claims arising from the services they provide. Many assume that E&O coverage includes cyber incidents, or vice versa, but that is not the case: E&O coverage must be purchased separately.
By starting early, proactively identifying security gaps, and documenting your security program policies and incident procedures, you strengthen both your security posture and your readiness for any potential claim.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
December 6, 2022
By IANS Research