Before leaving on an extended (and expensive) vacation, I bought travel insurance. I wanted to protect myself in case I or my traveling partner tested positive for COVID-19. I had to answer a number of questions about my eligibility for such insurance before they would approve me. Nor did the insurance come cheap, but I wanted to protect myself and recover most of my expenses if my trip was canceled. 

Insurance is a necessary expense if you want to protect your assets. But, to purchase the insurance you need to meet certain criteria. This is mandatory for health, vehicle, life, business insurance and so on. 

As organizations face increasing numbers of cyber threats, cyber insurance is becoming a vital need. It’s a good way to protect against financial loss if there is a data breach or ransomware attack. However, just as you would have to pass a physical and meet certain requirements for life or health insurance, your cybersecurity system will have to undergo its own physical of sorts. Cyber insurers require businesses to meet certain standards and practices before approving a policy. 

What Cyber Insurers Want to See

Most insurance rules fall into basic cybersecurity measures, Jack Kudale, founder and CEO of Cowbell Cyber, an AI-powered cyber insurance company for small and medium-sized businesses, explained in an email interview. What insurers want to see are fairly standard best practices, such as multi-factor authentication (MFA), incident response plans and patching processes.

“We are seeing a significant shift where companies are now using cyber insurance requirements to build a compelling business case for higher priority and investment in cybersecurity,” Kudale said. “This can really become a win-win for all, as companies will easily become more secure and resilient to cyberattacks.”

There are specific types of attacks and threats that cyber insurers want to see addressed. According to Risk Strategies’ State of the Market 2022 Report, cyber insurance carriers are looking more closely at cyber risks caused by ransomware attacks, stricter government and industry regulations, weaknesses in the cloud and disruptions to the supply chain.  

The pandemic increased cyber risk, the report warned, because of the greater reliance on technology to keep business running smoothly across a remote workforce. This increased risk led to higher insurance payouts, so cyber insurers need to protect their own interests. This is why they have set a higher standard for organizations to meet to be eligible for cyber insurance. 

“It is important for businesses to use proprietary assessment tools to identify risk management controls that are deficient to their peer group,” Rob Rosenzweig, National Cyber Risk Practice for Risk Strategies, wrote in the report. Businesses should work closely with insurance brokers, Rosenzweig added, to ensure risk control standards are followed.

Best Practices for Cyber Insurance 

Companies that have a mature cybersecurity system should be ready to meet the requirements set by cyber insurers. Others with less mature systems or that have struggled to meet risk assessment goals during the pandemic will need to be more proactive. However, any company can benefit from conducting a risk assessment when applying for or updating cyber insurance contracts. 

“One benefit of a risk assessment conducted for cyber insurance is that it covers all facets of risk exposures: technology, processes and people,” said Kudale. 

Consider checking the following before you look for cyber insurance:

  • Conducting an intensive data inventory to know where data lives, where you store it and how you use it
  • Ensuring you have MFA set up
  • Taking a closer look at how you conduct backups. Are they done daily? Are they segmented from the network? Will you be able to put the backup into place quickly if a ransomware attack or other outage causes downtime?
  • Setting up a patching schedule and controls to make sure patches and updates aren’t ignored
  • Updating the incident response plan
  • Deploying regular security awareness training for employees
  • Setting up a least-privileged access model to prevent unauthorized users from causing cyber incidents and data breaches
  • Updating encryption processes.

The Good News

According to NetDiligence’s Cyber Claims Study 2021 Report, an interruption in business due to a cyber incident can cost a company hundreds of thousands of dollars, including recovery expenses. Fines and fees surrounding exposed records cost companies close to $1 million. As the number of cyber incidents increases, so will the cost to insure the business losses. It’s no wonder cyber insurance companies are looking to protect themselves.

There’s good news. The more your organization does to meet the requirements set up by cyber insurance companies, the more protection you’ll have. And that means your insurance will be a small expense toward protecting your assets.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…