Organizations in the market for cyber insurance will find that obtaining a policy has gotten far more complex and expensive over the last several years, with insurers demanding granular information about potential insureds’ security postures and procedures, experts said at a recent webinar.[1]
Raja Patel, senior vice president of product at cybersecurity firm Sophos, said insurers want—and often are demanding—strong cybersecurity programs before agreeing to issue or renew a policy.
“Cyber insurance coverage is skyrocketing at a time when insurers are raising premiums, tightening requirements for coverage and introducing more policy limitations and exclusions,” Patel said. “Whether you have cyber insurance today or are in the process of applying, it’s critical for you to understand the factors that influence insurance companies’ decisions about eligibility, coverage, the cost of the premiums and how cyber insurance fit[s] within the broader cybersecurity and risk management strategy.”
Patel added: “The healthier a customer is in managing the real-time outcome of their [cybersecurity] posture, the better they’re going to be able to get a policy, and probably get a policy at a higher limit and probably help their premiums out.”
In addition, organizations need to stay on top of cybersecurity to keep their coverage, Patel said. “It’s not like you go in and get a policy, and you’re done. You’ve got to make sure that a client doesn’t drift because that policy could get canceled at any point in time if the risk is above a threshold.”