1. The Cyber Insurance Industry is Evolving Rapidly

Insurance companies are scrambling to keep up with cyber risks, which are evolving rapidly. The industry is experiencing growing pains in many ways, including:

  • There may be less tolerance for lax cyber security measures from insurers due to changes in the way policies are underwritten.
  • Adapting too rapidly evolving cyber risks requires constantly changing pricing.
  • Risk appetites are changing among insurers, and the "right fit" will depend on your industry, company size, location, and unique risks.

2. Few Insurance Agents are Qualified to Sell Cyber Insurance

Most insurance agents don't even grasp the basics. Businesses are often given boilerplate coverages that aren't appropriate for their industry, size, or level of risk because they are not tailored or tailored to their specific needs.

  • In Ohio, there are 7,500 licensed property and casualty agents. Only 5% of those insurance agents are qualified to sell cyber insurance.
  • Worse yet, most agents don't know how to explain the policy to policyholders. As a result, policyholders may end up with inadequate coverage or too much coverage.
  • Insurance companies may not be on your side. To fully understand and interpret their policies, policyholders should consult an expert in cyber insurance.

3. Traditional Cyber Insurance Is Changing

The process of applying for Cyber Insurance is becoming increasingly challenging, and premiums are increasing dramatically.

  • Six years ago, a small business applying for cyber insurance had to complete a four- or five-page questionnaire and pay $300 or $400 annually. Now, there are 14 pages of paperwork, and a lengthy call with a security engineer, and they still might not qualify.
  • It is important for policyholders to understand their security posture. Consult an expert in cybersecurity and how it relates to cyber insurance so you can fully interpret and understand your policy.
  • Insurance Companies are getting smarter about what they are looking for in covering SMBs (small-to-medium sized businesses)
  • You should prepare yourself for cyber insurance audits. Your roadmap should take into account how insurance companies are reviewing their policies more closely.
  • Cyber insurance is denied to applicants with end-of-life systems, BYOD devices, low network security controls, or third-party service providers.
  • The healthcare industry is experiencing a tremendous increase in rates. Premiums have gone from $35K to $100K in a year in some cases!

4. Technology Changes are Coming in the Near Future

  • You're already in trouble if you're not doing endpoint detection and response (EDR). Network segmentation will be critical in the next 24 to 36 months.
  • Privileged access management systems are information security (infosec) mechanisms that safeguard identities with special capabilities or access.
  • A leading provider for EDR
  • Compensating controls
  • Backup encryption
  • Training and awareness about phishing and security should be conducted monthly instead of annually.
  • Your operational technology (OT) environment should receive the same level of scrutiny as your information technology (IT) environment.
  • SonicWall firewalls are no longer acceptable.
  • Your internal systems and emails should require MFA (multi-factor authentication).

Are You Looking for Cyber Insurance?

Take back control of the agency/client relationship with Trava’s ongoing assessment tools, secure risk management portal, and support from security experts. Contact Trava today.