In less than 9 years, ransomware attacks are predicted to attack and encrypt businesses or devices every 2 seconds. In 2021, the average ransom payment was $812,000 and 46% of businesses who had their data encrypted paid the ransom according to CybersecurityDIVE. For technology-based industries this number is even higher with 83% of companies paying the ransom.
In response to increased attacks, higher ransoms, and the number of ransoms being paid, insurance companies are more closely evaluating the risk of each business when determining coverage limits and pricing. Resulting in the application and underwriting process being longer and more detailed.
Here are 6 things you can expect to be asked when your business applies for cyber insurance
Company policies and procedures
Insurance companies may want to know what types of cyber security policies you have in place. This can include if you have an incident response plan, password update policy, personal device policy, and how you handle network access for employees - and how you revoke access from former employees.
Approximately 82% of breaches are caused by social engineering or human error. Expect to be asked about mandatory employee cyber security training, retaining and simulated phishing campaigns.
Insurance companies may ask if you have a program in place to test and audit security controls and if you have basic controls in place, such as firewalls, anti-virus software, multi-factor authentication, and if you use an endpoint protection and response solution.
Expect to be asked if you use out-of-date software and hardware. Out-of-date systems are more easily exploited by hackers. Insurance companies may specifically ask for procedures for upgrading older systems and equipment.
Knowing how a company handles data back-up is important for insurance companies to evaluate the risk of data loss in the event of a breach. Be prepared to answer questions about if you back up valuable data, how often, if you use redundant networks and if you have a disaster recover plan in place in the event of data loss on your primary network.
If you have experienced a cyber breach in the past, insurance companies may want to know what you’ve done to enhance your cyber security.
The application process for cyber insurance is increasingly detailed and extensive. By making cyber security a priority for your business you will also make your business more appealing to insurance companies which could lead to overall better coverage and premiums.
For more information on cyber insurance and security – check out of cyber resource page.