Cyber Insurance Renewal - It's a Whole New Ballgame!
Updated: Nov 10, 2021
By Christina Kokinda and Matthew Bickford
Increased cyber threats and losses have roiled the cyber insurance market. Cyber insurance policyholders should expect and plan for increased costs and a more rigorous renewal process.
The cyber liability insurance market has hardened significantly due to an increased number of cyberattacks and ransomware incidents. Insurers are reducing capacity on cyber policy limits, increasing deductibles/retentions and increasing premiums. They are including subjectivities and relying on warranties insureds make in their applications. Consequently, policyholders should be prepared for a very different renewal process.
Policyholders should be pro-active when thinking about cyber-related risks and their cyber insurance coverage. Cyber Insurance is a crucial component of any cyber risk management program. However, as hackers and bad actors have become more sophisticated and the scope and size of losses they can inflict has increased, insurers have been placing limits on coverage. Insurance is not necessarily going to cover all losses. Policyholders should consider cyber insurance as a complement to best practice policies, procedures, security controls and IT infrastructure.
Organizations should understand clearly what their cyber policy covers and does not cover. Not all provisions in an insurance policy are applicable to all risks. Furthermore, to best understand the true value of the insurance being purchased, policyholders need to consider the limits, sub-limits and retentions applicable to each coverage in the policy.
Organizations should consider starting the renewal process months earlier than in the past because the process is likely to be more involved than prior renewals. Insurers continue to refine their underwriting and are now requiring much more information than at prior renewals by requiring new applications in lieu of short-form renewal applications. They are also requiring supplemental questionnaires related to ransomware, GDPR and/or business interruption. Policyholders should be prepared to spend more time gathering the information necessary to satisfy insurers. With adequate time built into the renewal process, policyholders can also obtain and evaluate alternative quotes from a number of carriers in the cyber insurance market who remain available to insure companies with good risk profiles.
Insurers Are Responding to New Underwriting Risks
Underwriters are responding to rapidly changing conditions that affect their assessment of cyber risks including:
Increased access points as people work from home during the pandemic (which may ultimately become more of the norm).
Sharp increase in ransomware attacks and an increase in the average ransom payment.
Change in the criminal business model for ransomware from numerous small easily-paid ransom demands to targeted multi-million dollar demands.
Change in the criminal threats in ransomware attacks from merely locking up data and systems to exfiltrating sensitive and/or proprietary client and other third-party information onto the web.
Increased sophistication in invoice fraud and social engineering attacks leading to transfer of funds.
Substantially more legal liability and fines arising from new state and international regulations.
Increased potential for actual property damage and/or loss of revenue as more operations, processes and equipment are linked together by computers and/or on the web.
Recommendations for Policyholders
The renewal process for a cyber policy is going to be more rigorous and the application(s), along with any supplemental questionnaires, are going to be more detailed than in the past.
Start the renewal process early and involve your IT department or third-party IT provider from the beginning.
Have an individual who has an in-depth knowledge of the IT systems complete the application to help ensure that representations and disclosed information are accurate and detailed. Consider adding an addendum to the application to provide additional details and information if a "yes" or "no" response does not suffice.
Require Multi-Factor Authentication (MFA) on all servers and email.
Identify if there are critical End-of-Life software systems that are necessary to continue business operations. Carriers may want assurances that security updates are still occurring even when software support is no longer offered or available.
Be prepared for the insurer to conduct a screening test on what it considers to be basic cyber hygiene and be prepared to respond quickly to any deficiencies the test uncovers.
If sensitive data or information is stored on the network, be pro-active with IT professionals to restrict access and update policies and procedures on a scheduled basis.
Conduct IT audits on a periodic basis.
Understand what resources are available from the cyber insurer and utilize them as needed. For example, some insurers provide cyber mitigation services to their policyholders at discounted rates or at no additional charge.
Use the renewal application and feedback from insurers as an opportunity to identify where improvements can be made.
Be prepared for continuing changes in the cyber market as underwriters react to new types of threats and modify their forms accordingly.