Many businesses are feeling it – they go to fill out their annual cyber insurance application, and suddenly, there are more questions and more stringent requirements. Why is this? The world of cybersecurity and cyber risk is rapidly changing–and the dramatic increase in ransomware attacks in recent years has created a sudden increase in the demand for cyber insurance policies. Both businesses and insurance companies are forced to react and respond as new information becomes available. In this blog, we’ll cover the four main reasons it’s becoming harder to obtain cyber insurance and what your business should be aware of when you fill out a cyber insurance application.
3 Reasons It’s Harder to Obtain Cyber insurance
After a drastic increase in ransomware attacks in recent years and major payouts from cyber insurance companies, cyber insurance companies quickly realized that this was not a sustainable business in its current form. In reaction, they changed their processes, making it more difficult for companies to obtain cyber insurance.
- More stringent requirements to claim a loss. Insurance companies require stricter assessments of a policyholder’s ability to recover from a cyber attack without needing to file a claim.
- They’re looking at your company for years or even decades. Insurance companies now want to see years of healthy business operations and a lack of a history of previous ransomware attacks. Many insurance companies also require you to have certain systems in place to protect your IT security, or they won’t issue you a policy.
- A history of paying ransoms. For obvious reasons, insurance companies are discouraging companies from paying ransoms. If a company has a history of paying one or more ransoms, this can quickly disqualify them from being able to obtain another cyber insurance policy.
How Can My Company Get Cyber insurance?
It’s not impossible to obtain a cyber insurance policy–it’s just getting harder. Insurance companies had to change their practices after such a dramatic rise in ransomware attacks in the U.S. The new requirements are really no different than a homeowners insurance policy that requires you to lock the windows and doors in your house. New cyber insurance requirements stipulate that companies lock down their cybersecurity. What exactly does this mean?
Here’s what we recommend when it comes to cyber insurance and cybersecurity:
- Don’t ignore your cybersecurity just because you have cyber insurance – cyber insurance does not solve everything. We know that 86% of small businesses do not have enough coverage to cover the average ransom. This means that you must have other protocols in place to protect your organization, or a ransomware event may cause you to go out of business purely from a financial standpoint.
- Get professional help filling out your cyber insurance application. Working with a managed IT service provider when you fill out your application will help you avoid the headache of wondering if you’re reporting correctly or understanding the fine print of what is required of your business to maintain compliance with your policy.
- Pay a little now or a lot later. Policy prices are increasing, and you may feel your budget is tighter than ever. While we don’t believe that cyber insurance is the answer to all of your cybersecurity problems, it is a great first step to protecting your organization. We highly recommend all businesses obtain a policy. Ask us if you have questions about what approach is best for your company.
Proactive Cybersecurity + Cyber insurance
The best cybersecurity plan is a comprehensive one. We believe that a proactive IT security plan involves preventative maintenance, ongoing monitoring, a professional team of IT consultants behind you, and an inclusive cyber insurance policy. Our managed IT services through PK Tech are customized to the client, taking into account how large your organization is, your industry, compliance requirements, etc. If you are interested in chatting with a member of our team, get in touch with us here.