Cyberattacks, ranging from phishing and ransomware to denial-of-service attacks and cloud-service interruptions, continue to increase in both frequency and sophistication. Cyberattacks ramped up even more when COVID-19 forced businesses to shift to remote work, with information on the pandemic used as a hook.
This increase highlights the importance of cyber coverage for businesses of all sizes. Cyber insurance policies are designed to guard against cybercrime and data breaches. It typically provides coverage for network security and data privacy liability, business interruption, ransomware, social engineering fraud, and expenses related to breach notification requirements.
While the need for protection is increasing, obtaining or renewing cyber coverage could prove more difficult as carriers look to trim losses. As with nearly all lines of commercial insurance, cyber insurers are tightening their underwriting guidelines and clarifying coverage intent in their policy language. Additionally, they are using third-party tools to evaluate cyber risk and making coverage decisions based on those results. Deficiencies which could influence an insurer to not provide coverage include:
- Outdated software, which is visible within its public-facing website or network presence
- Open ports
- Inefficient encryption protocols for web-based communication
- Lack of multi-factor authentication requirements
To get out in front of a potential non-renewal or non-coverage decision, you need to prepare. Here’s what you need to know if you’re purchasing cyber insurance for the first time or headed into a renewal:
- Begin your submission or renewal process 90 to 120 days out. This will allow time to address any gaps in cybersecurity.
- Review your current policy. Conduct a close review of your current policy, taking business changes into consideration, to determine if coverage remains adequate.
- Review cyber-related loss history and risk controls. Use this insight to update procedures, risk controls, business continuity plans, restoration and recovery procedures, and incident response and recovery plan guides. If controls are deficient, address those vulnerabilities now.
- Submit a complete and accurate insurance application. Gather data in advance and be prepared to answer questions related to COVID-19 impacts, such as how you’re responding to increased cyber risks and how you’re training employees to avoid phishing and other social engineering scams. Make sure you highlight any improvements you’ve made to your cybersecurity practices and controls that improve your resiliency to cyber events.
- Follow up on submission and ask for an early response. Your broker should keep in touch with carriers to ensure an early response so that there is ample time to deal with any unforeseen issues, such as a decision to not provide coverage. The sooner you know about a problem, the better you can address it.
Your broker can help you with these steps and play a key role in ensuring a favorable cyber policy underwriter evaluation. If you have questions about cyber liability, connect with a member of our team.