Cyber risk is continually cited as a top concern for executives and board directors — and rightfully so. In recent years, there has been a significant increase in cyberattacks, specifically ransomware, supply chain attacks, and data breaches. Just look back at some of the worst cyberattacks of 2021 including SolarWinds, Microsoft Exchange, Kaseya, Colonial Pipeline, and Log4j to name a few. Because of this, companies today are facing a more rigorous cyber insurance underwriting process, with a high level of scrutiny on security controls and internal processes and procedures around cyber risk.
In this blog, we will briefly cover how the cyber insurance market is changing, and the new expectations for a company seeking to obtain or maintain cyber liability coverage in 2022.
For a deeper dive, watch this month’s masterclass:
Higher Expectations & Higher Premiums: Navigating Your Next Cyber Insurance Renewal
Key insights that will be discussed:
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help cover financial losses that result from data breaches and other cyber events.
Ransomware attacks continue to escalate in frequency and severity, affecting all industries, especially health care, manufacturing, educational institutions, and public entities. This has ultimately led to a boom in the cyber insurance market, increasing the demand for cyber re/insurance coverage due to heightened awareness of cyber risks. In fact, we have already seen cyber insurance prices increase by 35% in 2021 — the largest increase since 2015. The cyber insurance market is rapidly evolving, and companies are now facing higher premiums, regulatory changes, and new difficulties in the renewal process.
The changes in the cyber insurance market, however, are not limited to just price increases and coverage restrictions. Cyber liability underwriting requirements have become more stringent and insurers have now started requesting additional information on security and process controls they expect companies to have implemented to protect themselves from a cyberattack (see Table 1).
Table 1: Cybersecurity controls are critical for your cyber insurance renewal
Whether you are placing cyber insurance for the first time or headed into renewal in 2022, preparation is going to be key to meeting the rigorous demands of the insurers.
Expect underwriters to want to review information about your basic exposures, information security controls, data backup procedures, regulatory compliance, and company policies and procedures. In addition, many insurers are now requiring supplemental applications documenting specific controls for ransomware, dependent business interruption recovery procedures, and operational technology networks. >> Check out Woodruff Sawyer’s publication for more details: Looking Ahead to 2022: Cyber Insurance Expectations for the Coming Year.
With increasing regulatory attention and scrutiny in cyber insurance underwriting, here are some tips to help you improve your cyber insurability in 2022:
For the best outcome, be ready to start the process early — aim for 90 to 120 days ahead of the renewal or inception date.
Cyber insurance is a critical tool for businesses facing the looming threat of a major cyber incident. As cyber risks evolve, cyber insurance will become more complex and costly, and underwriters are going to ask tougher questions about your cyberattack mitigation plans. A company’s best course of action is to plan ahead and be prepared to meet cyber insurers’ new requirements in advance of their placement or renewal date.
TAKEAWAY: Advance planning is key to ensuring your organization qualifies for cyber insurance in 2022. Start now – it is only going to get more difficult!