Cyber insurance has been thrust into the limelight in recent years. Taking a look at recent developments, it’s easy to see why. In tangent with the potentially perilous rise in remote working, attacks have become more frequent and as a result businesses are looking to insurers for comfort and protection.
What’s the data showing?
In Q2, the price of cyber policies shot up 79% compared to the previous year – as well as having doubled in each of the previous 2 quarters – according to Marsh & McLennan. Direct-written premiums also rose to $3.25 billion in 2021 – a jump of 92% – according to industry watchdog the National Association of Insurance Commissioners.
Judith Selby, a partner at Kennedy’s Law LLP’s New York office, said, “Underwriting scrutiny has really tightened up over the past 18 months or so.” And we can see why. Cyber attacks are becoming more prevalent so insurers will need more information and will naturally be a bit more hesitant to renew policies or add in extra coverage.
What information do insurers expect now?
Well, as in most situations, it depends on the organisation needing protection. Chris Castaldo, CISO at Crossbeam Inc. says, “Prior to the questionnaires, you just gave them the coverage amount you wanted and the industry you were in and that was it.” He suggests now that many security executives have to answer a plethora of questions relating to how they’re defending their companies.
Organisations now are expected to have implemented multi-factor authentication when logging onto company portals or servers. Not only that insurers expect businesses to prepare for and test responses to a breach. Insurers also want to know what contingency plans businesses have if an attack takes place according to Selby who also recommends endpoint protection, or monitoring and protecting tech against cyber threats and incident-response exercises.
What can companies do?
Ms. Selby says that some businesses will need to collaborate more than previously with insurers to get adequate coverage as no single carrier will want to take on all the risk. Tom Reagan, cyber practice leader at Marsh McLennan’s financial and professional products specialty practice, has recommended that organisations re-evaluate their needs half a year before renewal.