How to Influence Your Cyber Insurance Coverage

Despite massive worldwide spending on risk management growing to $150 billion, cyber attacks keep happening. Ransomware attacks doubled in 2021, with average ransomware recovery costs doubling to $1.85 million and average downtime increasing to 22 days. Within the next few years, nearly half of companies worldwide will experience cyber attacks on their software supply chains. And, threats like malware and botnets (such as the recent Emotet re-emergence) are wreaking havoc worldwide.

As companies scramble to respond to exploding cyber incidents and a massive threat landscape, they’re looking for cyber insurance coverage to protect themselves. But cyber insurers are responding to these industry challenges too. 

If you’re looking to gain or expand your cyber coverage and negotiate premiums in response to current market trends, you need to effectively demonstrate your organization’s risk profile to insurers. Bitsight’s newest ebook “How Bitsight Helps You Get Cyber Insurance Coverage” shows that by improving your cybersecurity strategy and showcasing the effectiveness of your program, you have a better chance to get the cyber insurance coverage you need at an ideal premium.

Although Bitsight cannot influence the risk appetite of an insurance company, we can help you understand your cyber hygiene while proving to insurers that you are actively invested in your security posture, which influences the coverage decision.
 

10 Signs of Strong Cyber Hygiene that Cyber Insurers Evaluate when Writing Policies

Insurers need to assume that any applicant is at risk of a cyber incident; it’s a question of how resilient the applicant is to withstand or quickly recover from cyber events. But, there are best practices for minimizing the likelihood of becoming a victim. Chief among them is a relentless focus on cyber hygiene—the practice of ensuring that the organization is performing effectively every day and continuing to invest in their program. An applicant’s overall cyber health sets the foundation for their risk profile and likelihood to get the cyber insurance coverage they need. Good cyber hygiene significantly lowers the chance of cyber incidents. 

From an insurer’s perspective, knowing if a company can effectively address these concerns is a good way to start understanding their cyber hygiene. These concerns include:

1. Access control
2. Insecure open ports
3. Patch, vulnerability, and configuration management
4. Email and web filtering
5. Endpoint detection and response (EDR) and malware protection
6. Cybersecurity awareness training and phishing testing
7. Incident response planning, logging, and monitoring
8. Supply chain security
9. Secure and tested backups
10. Overall cybersecurity hygiene

A strong candidate for cyber insurance is an organization that has processes in place to address these concerns, which shows a level of high cyber hygiene and maturity. These processes identify cyber risk, mitigate threats, monitor their security program for effectiveness, and improve over time.

Strengthen Security Posture to Influence Cyber Insurance Coverage

Bitsight helps applicants influence their cyber coverage. By showcasing the effectiveness of their cybersecurity programs, applicants can provide a full picture of their risk profile to insurers. We help companies strengthen their initial application and renewal position for optimal coverage through improving cybersecurity posture and remediating vulnerabilities with two of our solutions:

1) Bitsight for Security Performance Management (SPM) empowers companies to regularly assess and improve their cybersecurity hygiene to enhance their overall posture. Companies leverage SPM to put themselves into the best position possible for insurance coverage applications and negotiating premiums.

2) Bitsight for Financial Quantification for Enterprise Cyber Risk enables companies to assess their financial exposure to cyber risk so they can calibrate their insurance coverage. Financial Quantification translates cyber risk into financial terms. With this, companies can quickly understand the likelihood and impact of a cyber attack in financial terms, and can then validate their premiums and coverage. 

For more information about a cyber insurer’s strategy to underwriting policies, how to think about the cyber insurance application process, and how to strengthen your security posture to influence coverage, download our ebook.