How to contain the soaring cost of cybersecurity insurance in the age of ransomware

For most midsize and growing businesses, creating a cybersecurity strategy that includes cybersecurity insurance is a no-brainer. The web is rife with malicious software and ransomware that can target any company. Even though cybersecurity insurance can’t prevent your business from becoming a victim of these threats, it can minimize disruption and help cover the costs that stem from managing and recovering from one.

If you’re still on the fence as to whether your business needs such insurance, consider that there has been an increase in the number of malicious breaches every year. For example, 2021 saw a 104% increase in attacks on North American companies. In addition to lost time, recovery is a costly affair that entails restoring operations and managing PR to deal with damaging press.

However, having cyber insurance coverage today doesn’t necessarily mean you will have it tomorrow. You could lose it after facing an attack in a particular year. This is because insurance payouts are becoming increasingly expensive, and cyberattacks are increasing by leaps and bounds. 

Some insurers drop the client and reintroduce coverage only after reassessing that client’s business risks, usually with a hefty rise in premiums that won’t likely roll back. These hikes may recur annually, on the basis of the insurer’s risk assessment.

How to obtain cybersecurity insurance 

To qualify for coverage, you must have three domains under your absolute control — your public cloud presence, your remote operations and the network used within your business — and you must be able to prove it to the insurance provider. 

Insurers will look for any weaknesses in these domains, such as in your software, devices and infrastructure. If you are deemed to have too many gaps, insurers will steer clear. But in the event they still agree to provide coverage, it will be with premiums that are much higher than they would otherwise be.

The insurer will also probe individuals on your staff who have rights and access to sensitive information. This is because cyberattacks usually target key people and systems rather than the whole enterprise, and admin credentials are a lucrative commodity on the web. 

The tools already at your disposal, and the people and processes that execute them, will also be scrutinized. A huge company with a minuscule IT team will likely be declined coverage or offered a policy at a steep premium. Similarly, the responses and processes that you have in place may earn you points or weigh against you. 

How to keep cybersecurity coverage

So, how do you keep cyber insurance coverage? For starters, do not be lulled into a false sense of complacency. Hackers will not stop looking for opportunities to get inside your systems, and that opening may be a faulty system or something as banal as an easily guessed password. Not even the fanciest cyber defense system in the world is foolproof, and this should a mantra you convey to every user in your system. 

Establish routine communication with your insurance provider in which you share cybersecurity reports and assessment results. This not only gives you a chance to learn from their insights, but it also demonstrates how seriously you take cybersecurity, which in turn precipitates positive dialogue. 

Containing cybersecurity premiums 

Keep in mind that any security lapses will invite scrutiny and potential premium increases from your present provider as well as future insurance providers. Pose questions with your broker regarding which systems or tools you could introduce to reduce cyber insurance premiums. 

To further ensure that you don’t break the bank when it comes to paying premiums, present a united front to the insurer, in which everyone is involved in cybersecurity. From the head honcho to frontline professionals, every employee in your firm should be well-versed with its IT policies. If there is ambiguity, ask the provider if there are any additional best practices or steps that could be taken to decrease the premium. 

Be sure to maintain good offline relationships with the broker as this can be instrumental in negotiating premiums. And as every business now necessitates cyber insurance to protect its assets, ensure that your own is always protected by being vigilant and educating all staff on best practices, which will keep premiums down in the process.  

Want more? Escalon offers expertise on the fine points of cybersecurity insurance and different types of business insurance, in addition to back-office services such as accounting, HR and taxes. Talk to an expert today.