Cybersecurity Insurance Is Changing In 2022 & 2023

Insurance carriers are raising their standards and may not want your money if your cybersecurity practices are not up to par.

How Cybersecurity Insurance Is Changing In 2022 & 2023

Discover The Latest Cybersecurity Insurance Requirements

Key points:

  • Cybersecurity insurance carriers are updating their requirements
  • If you want to qualify for a policy, you need to improve your cybersecurity posture
  • Find out what you need to do to qualify below

During the past 12 months, a clear trend has emerged as many of our clients’ cyber insurance policies came up for renewal.

Before processing the renewal, cyber insurance carriers require more sophisticated written cyber policies, tools, training, and disaster recovery systems. In many cases, premiums also increase significantly for individual cybersecurity risk items that are not being addressed.

Cybersecurity Insurance Won’t Protect You If Your Cybersecurity Standards Aren’t Up To Par

The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection.

It’s becoming increasingly necessary, as many insurance providers have begun drawing a clear line between typically covered losses and those incurred by cybercrime-related events.

That means that if your cybersecurity doesn’t meet the higher standards of your insurance provider, you may not be as well covered as you think.

This has nothing to do with whether there has been a claim in the past and everything to do with what steps the applicant must now take to address cybersecurity risks. All the carriers now have additional forms filled with cybersecurity questions that must be answered accurately before the carrier will issue or renew the policy.

Furthermore, you can be sure that if a claim against the policy is ever submitted, the carrier will check the answers provided to determine if there is any reason for them to deny coverage.

Cybersecurity Measures You Already Needed…

Use this checklist to evaluate where you stand regarding cybersecurity standards that most cyber insurance companies follow today.

These are just a few of the requirements that insurance companies will hold you to in order to qualify for a policy, as well as for coverage in the event of an incident:

  • Application Whitelisting
  • Asset Inventory
  • Custom Threat Intelligence
  • Content Filtering
  • Database Encryption
  • Data Loss Prevention
  • DDoS Mitigation
  • DNS Filtering
  • Email Filtering
  • Intrusion Detection System
  • Mobile Device Encryption
  • Network Monitoring
  • Penetration Tests
  • Perimeter Firewalls
  • Security Info & Event Management
  • Vulnerability Scans
  • Web Filtering
  • Web Application Firewall

9 New Cybersecurity Measures You’ll Need Now…

Extended Detection & Response (XDR)

Developed to provide advanced cybersecurity defenses, XDR is a complete cybersecurity solution that protects systems before, during, and after a malware attack, employing different technologies and methodologies where necessary.

Multi-factor Authentication (MFA)

Multi-factor authentication (MFA) is a great way to add an extra layer of protection to existing system and account logins.

By requiring a second piece of information, like a randomly generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are options, as are physical objects like keycards.

Endpoint Detection & Response (EDR) 

A comprehensive and reliable Endpoint Detection And Response (EDR) solution is the best way to improve your cyber defenses. EDR is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.

This vital service protects endpoints like laptops, desktops, smartphones, tablets, servers, and virtual environments. Endpoint protection may include antivirus and antimalware, web filtering, and more.

Managed Detection & Response (MDR) 

Managed Detection and Response (MDR) is a comprehensive service that includes 24/7 threat monitoring, threat hunting, and detection response.

Regular Updates and Patches

Despite how advanced modern software is, it is still designed by humans, and the fact is that humans still make mistakes. That’s why much of the software you rely on to get work done daily could have flaws, known as vulnerabilities, that leave you open to security breaches.

Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws. To address this, developers regularly release software patches and updates that fix the flaws and protect users. This is why you need to keep your software up to date.

Secured Backups and Recovery

Backups are a fundamental part of cybersecurity. The backup solution should provide both local onsite backup for quick recovery in instances of data loss and an offsite cloud-based backup for when your business is hit with a critical disaster.

Furthermore, these offsite backups need to be protected by a digital air gap, ensuring they are not at risk of encryption in the event of a ransomware attack.

Tested Incident Response Plan

An Incident Response Plan provides the plans, procedures, and guidelines for handling data breach events at your office(s), or via any of your servers or mobile devices.

The plan encompasses procedures on incident response engagement and how the incident response team will communicate with the rest of the organization, other organizations, and law enforcement. It also provides guidance on federal and local reporting and notification processes.

This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.

Remove End-of-Life Software

Once a software application reaches the end of its life, you should no longer use it. At that point, the manufacturer no longer issues security updates. Continuing to use this software will put your business at risk.

Employee Training

Users are a crucial aspect of a company’s cybersecurity capabilities. The better your staff understands the most common cybercrime tactics, the less likely they are to fall for them. Make sure you have a documented cybersecurity awareness training program in place.

3 Ways We Help Our Clients With Cybersecurity Insurance

Application Management

We can manage the questionnaire on your behalf, identifying any areas that require changes to help you qualify for a policy or even a lower insurance premium.

Cybersecurity Remediation 

We make necessary modifications and changes that cost as little as possible. In many cases, it’s simply a matter of developing the right documentation or changing settings in your systems to comply with your carrier’s cybersecurity standards.

Additional Resources

We offer templates for cybersecurity management policies and statements of operations so that you don’t have to start from scratch.

Need Help Qualifying For Cybersecurity Insurance?

Meeting the stipulations laid out by cybersecurity insurance providers may not be easy depending on the state of your cybersecurity posture. I.T. Matters, Inc. can help you improve your approach to cybersecurity.

Our team provides cybersecurity and technology services for organizations like yours—we are available to help you develop a robust cybersecurity defense.

We can advocate for your qualification for a policy and minimize the chance that you’ll have to make a claim on your cybersecurity insurance. Get in touch with our team to get started.