Be Prepared: Cyber Insurance Scrutiny Will Continue Its Upward Trend

Be Prepared: Cyber Insurance Scrutiny Will Continue Its Upward Trend

The cyber insurance market experienced widely documented and unprecedented change in 2020. Unfortunately, for insured organizations, those trends are not anticipated to slow down in 2021. Underwriting scrutiny has dramatically increased in response to several factors. 

Many of these factors have been documented in our monthly newsletter, “Cyber News Bytes.” Some of the most notable topics we’ve covered in the past year include the massive adoption of remote working in the wake of COVID-19, the continued reliance on third-party technology to conduct operations and store data, the increased frequency and severity of cyber claims, and shifting privacy legislation sweeping across the globe.

In particular, the most notable topic that we have covered is undoubtedly Ransomware. According to Beazley, a leading cyber insurer, Ransomware payments doubled from 2019 to 2020, with attackers finding more sophisticated and devastating ways to attack vulnerable victims.

In response, the underwriting community has adopted more stringent underwriting practices. Insurance carriers will not be complacent when assessing whether or not appropriate protections are in place. Organizations need to be prepared to share more about controls and procedures that have been implemented to minimize the potential likelihood they will experience an incident.  

While each market’s focus varies, several factors have proven to be consistent from insurance company to company.  Below are those key technology tools/procedures underwriters are looking for when assessing the risk/exposure each organization presents.

  • Multifactor Authentication
    • Remote Access
    • Email
    • Privileged Account
  • Backup
    • Segmentation/Cloud
    • Encryption 
    • Access
    • Testing
  • Employee Training – Ensure employees are following proper cyber hygiene practices.
  • Disabling/Protecting RDP – Helps keep the remote desktop safe against attacks.
  • Endpoint Detection & Response – Utilizing tools to identify and investigate suspicious activity.

The Next Steps

Beginning your cyber renewal process early will be critical to achieving the best possible results. The RCM&D Cyber Team strongly encourages clients to review these factors and address weaknesses in any of these areas as soon as feasible.  

Doing so before the organization’s upcoming renewal can help avoid the significant rate, retention and or coverage adjustments many insurance companies will be looking for in 2021.