The insurance industry is in somewhat of a crisis. Home insurance rates have climbed. Providers are pulling out of the market in some parts of the country. Flood insurance, too, is a major issue. It is mandated in many coastal and floodplain areas, yet insurance carriers are often reluctant to award it due to the risk of high-volume payouts.
Similarly in cyber insurance, premiums are rising sharply. Some companies are even being told they don’t qualify (or no longer qualify). A survey by Delinea of 300 US-based IT decision makers revealed one of the reasons for the challenges many face in obtaining affordable cyber insurance: nearly 80% of companies have had to use their cyber insurance at least once already, and more than half have used it multiple times.
While 40% said risk reduction was the main reason for applying for cybersecurity insurance, and 33% of respondents claimed it was also due to requirements from executive management and Boards of Directors. Another 25% cited recent ransomware incidents as a primary decision driver. Other drivers behind applications for cyber insurance included business contract requirements (24%) and having suffered a data breach (17%).
The report also demonstrated that cyber insurance has now become ubiquitous. Many companies have leveraged coverage more than once. That’s one of the reasons why the insurers are becoming more hesitant and choosier. They are covering less, asking for more, and making it more difficult for companies to receive comprehensive coverage. Only 30% of organizations confirmed their policies covered critical risks such as ransomware, ransom negotiation, and decisions on ransom payment. About 48% indicated their policy covered data recovery. A third said it covered incident response, regulatory fines, and third-party damages.
The report highlighted the fact that insurers are getting tougher to please. More and more, they require organizations to implement a broader set of security controls. By forcing organizations to adopt tougher layers of security, they seek to reduce the number of customers needing payouts from their cyber-policies. 51% said their insurer required that they implement cybersecurity awareness training and another 47% were required to have malware protection, antivirus software, multi-factor authentication (MFA), and to comprehensively backup their data. 42% had to acquire Privileged Access Management solutions to meet cyber-insurance requirements.
Although about 93% of applicants are approved for coverage, the number receiving comprehensive coverage for everything has dwindled sharply. Gone are the days when insurers happily signed off on wide-ranging coverage. They got burned too much by surges in the number of claims due to the latest strain of malware such as Log4j or the latest rash of ransomware outbreaks. That’s one of the big reasons why 75% of respondents said that their cyber-premiums increased in their last renewal.
Not only were their monthly payments hiked up, but they also faced far greater scrutiny from potential insurers. They wanted to know every detail of their security posture, their risk profile, and areas of potential vulnerability. Some of this was used as grounds for refusal of cyber insurance. In other cases, these assessments by insurers led to demands to implement a variety of different security tools.
Any prospective cyber insurance policy holder, and anyone coming up for renewal, therefore, is advised to carefully assess their security basics before applying. Things like lack of comprehensive backup, inadequate patch management, and a lack of vulnerability management tools could form immediate grounds for refusal.
Get ahead of the game by implementing Syxsense Enterprise. It provides automated tools to help meet the standards required by cyber insurance providers. It offers access to real-time data and device monitoring so security personnel have access to live, accurate information on the existing security picture, potential vulnerabilities, the state of patch management, mobile device security, and more. It helps IT to keep BYOD and company-issued devices secure from threats in remote, hybrid, or roaming work models. And it provides a way to enforce security standards, install and delete applications, set auto update policies, deploy patches automatically, and remotely lock, reset, and wipe mobile devices. It also helps satisfy underwriter demands for higher levels of automation in the enterprise before they approve new cyber insurance policies.
Why face steeper premiums or even cyber insurance rejection? Implement Syxsense Enterprise today.