Back

Cyber Insurance Requirements Changing in 2022

The number and severity of cyberattacks in 2021 and preceding years have triggered significant changes in the cyber insurance marketplace Historicall...

6 min read
Published on Jun 21, 2022
cyber-insurance-requirements-changing-2022

The number and severity of cyberattacks in 2021 and preceding years have triggered significant changes in the cyber insurance marketplace. Historically, this marketplace was viewed as being relatively soft. The consequence was that firms could get coverage at somewhat lower premiums. However, the exponential growth in adverse security events in the past year has led to the hardening of the cyber insurance marketplace.

Here’s a breakdown of some of the cyber insurance changes resulting from this hardened stance.

Increase in Demand for Cyber Insurance

If 2021 is anything to go by, no business is safe from cyberattack. With the increase in the number and cost of cyber incidents, more firms have recognized how vulnerable they are to an attack. The consequence has been an increase in demand for cyber insurance. Further, this increase in demand is captured by the National Association of Insurance Commissioners (NAIC), which points to a 21.3% increase between 2019 and 2020.

It would seem that businesses are feeling the pressure of the looming costs of a potential intrusion. This comes in the backdrop of a 2021 IBM report that shows, on average, a data breach costs $4.24 million. These high costs seem to be driving more businesses to seek cyber insurance coverage.

Tighter Terms and Exclusions 

Insurance providers aren’t jumping at the opportunity to provide the much-needed cyber insurance. Specifically, insurers and reinsurers are taking a step back to reevaluate their risk appetite. What’s more, these providers have moved towards requiring more documentation to evaluate the client’s cyber programs.

Insurers are working closely with cybersecurity professionals in somewhat of an investigative process to better understand the inherent risk that an organization is subject to. Ultimately, firms that fail to provide sufficient documentation or without the required controls might not receive coverage. Alternatively, the business might be required to pay higher premiums or risk having lower coverage limits for the account.

Rising Premiums 

There seems to be a supply and demand imbalance within the cyber insurance marketplace. Expectedly, this has resulted in higher premiums. Unfortunately, following the Colonial Pipeline and Kaseya attacks, rates further went higher, so much so that Marsh reported a 174% increase in premium rates.

Lower Cyber Insurance Coverage Limits 

Given the past cyber events and the ensuing payouts, insurers have had to reexamine their cover. Add the enhanced scrutiny and the rise in premiums, and you expect the amount of coverage available to dwindle. Businesses could access up to $10 million in coverage and then only receive $5 million.

Other than lowering coverage limits, some insurers are now reconsidering coverage altogether. This could be in response to the growing losses that insurers have had to incur while processing insurance payouts for cyberattacks.

Steps to Take to Ensure You Retain Your Cyber Insurance Coverage and Minimize a Premium Increase 

In 2021, cyber insurance premiums continued to climb to record highs. This was fueled by high-profile cyber events and ensuing massive payout. Specifically, according to the Council of Insurance Agents and Brokers, there was an average 27.6% increase in premiums during Q3 2021, atop a rise of 25% in the previous quarter. Going forward, how then do you ensure that you retain your coverage and minimize the premium increase? Here are a few tips to consider:

Multi-Factor Authentication (MFA) 

increasing cybersecurity to decrease cyber insurance premiums.

Adopt a practice to navigate the new cyber insurance requirements that have MFA across your network and all surfaces that might be exposed to threat actors. These points of exposure include privileged accounts within your network as well as cloud and SaaS-based applications.

Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR)

With EDR, monitor end-user devices to detect and respond to cyber threats soon as they occur. On the other hand, MDR is significantly more expansive than EDR. By design, it should be able to cover the entire network environment and will include 24/7 Security Operation Center (SOC) monitoring and scanning for all open ports.

Regular Updates and Patches 

You will require a documented cadence of updates and patches. The need for regular updates and patches is brought about by the sheer speed and volume of cyber threats.

Secure Backups and Recovery 

Insurance providers now require that your business has current backups that are in a separate, secured location. This backup should have MFA to restrict unauthorized access and should include a solid disaster recovery plan. That way, potential downtime reduces significantly.

Documented and Tested Incident Response Plan 

Carriers now require that you have a documented incident response plan in place. This plan should include how you’ll coordinate actions with the insurance provider, IT partner, legal, public relations, and your clientele.

Employee Training 

Your human capital remains the weakest link as it pertains to cyber threats and events. Specifically, 26% of all the cyber incidents in 2021 were due to inside criminal activity, while the remaining 74% were a result of employee negligence or phishing and consequently theft of login credentials. Insurance providers, therefore, require regular employee training to help your staff identify security threats. You could even go a step further and design a phishing campaign to train your employees on how to stay vigilant. Overall, adopting a controls-focused cyber governance approach coupled with a deep understanding of your business’s security posture is the best way to ensure that your premiums are not insanely high.

Learn More About Cyber Insurance Requirements Changing in 2022

Concisely, in 2022, you’ll have to grapple with rate increases, reduced capacity, ransomware sub-limits, higher deductibles, and supplemental applications. As cybercriminals continue to flourish and expand their attack scope, expect coverage to be significantly more expensive and requiring of more significant institutional safeguards. Additionally, you are likely going to have to deal with increased underwriting scrutiny and somewhat of a painful application process that includes a Ransomware Supplemental Application. Seeing as the security controls you have in place factor majorly into whether or not you meet the new cyber insurance requirements, it’s only prudent that you look at your cybersecurity from an aggregate level.

Agile IT provides security and compliance services against the most stringent requirements in the world and can help your company understand its risk profile and provide a comprehensive plan to meet cyber insurance requirements, thus reducing the overall possibility of a cyber incident. To learn more, schedule a free consultation today.

Related Posts

Common Questions About Azure Migration Answered

Common Questions About Azure Migration Answered

Get answers to the most common Azure migration questions. Learn about costs, best practices, security, compliance, and troubleshooting cloud migration challenges.

Apr 29, 2025
3 min read
AVD vs W365 in GCC high reducing your CMMC scope

AVD vs W365 in GCC High Reducing Your CMMC Scope and Simplifying Compliance

Comparing AVD vs W365 for GCC High? Learn how each can reduce your CMMC assessment scope and simplify security and compliance management in government environments.

Apr 28, 2025
7 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

Implementing Cybersecurity Policies for CMMC Compliance and Managing CUI

CMMC compliance requires well-documented cybersecurity policies. Learn how to implement security controls, create an SSP and POA&M, and manage Controlled Unclassified Information (CUI).

Apr 25, 2025
7 min read
CMMC compliance for DoD contractors

CMMC Compliance Requirements for DoD Contractors and Subcontractors in the Defense Industry

CMMC compliance is mandatory for DoD contractors and subcontractors. Learn about certification levels, requirements, and the consequences of failing to meet compliance.

Apr 24, 2025
6 min read
How to prepare for a CMMC compliance audit

CMMC Compliance Audit Preparation: A Complete Checklist for Small Businesses

Preparing for a CMMC compliance audit is critical for DoD contractors. Use this checklist to perform a gap analysis, assess CMMC readiness, and prepare for a Level 2 assessment.

Apr 23, 2025
8 min read
FAR CUI vs CMMC Understanding

FAR CUI vs CMMC Understanding the Differences and Overlaps

FAR CUI and CMMC both focus on protecting sensitive federal data, but they have key differences. Learn how they work together and whether FAR CUI compliance aligns with CMMC.

Apr 15, 2025
10 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation