Match Your Cybersecurity and Coverage to Your Unique Exposures
OCTOBER 4, 2022
With daily news reports about cyberattacks, organizations today accept cyber incidents as a fact of life. Some organizations attempt to prevent them and retain the risks, while others transfer these exposures with insurance. The latter approach requires a thorough assessment of the organization’s information technology (IT) risks and non-IT risks from a cyber insurance expert. Having this assessment done is imperative to understanding and negotiating for the coverage you actually need.
Some industries have more difficulty tightening cyber loss controls than others. Click on the following sections to read about the impact of cyberthreats on four industries: healthcare, construction, manufacturing and distribution, and real estate. (All organizations can access important data and insights on cybersecurity and coverage best practices in USI’s 2022 Commercial Property & Casualty Market Outlook Mid-Year Addendum.)
For all industries, underwriters are taking a more thorough and technical look at each organization’s cyber exposures and loss controls. Insurers expect not only base-level information security controls — they expect these and other controls to be fully implemented against an insured’s entire enterprise. Base-level controls include multifactor authentication, endpoint detection and response, backup security, network segmentation, and the existence of a security operations center (SOC) to monitor logs. Insurers are now also requiring:
- Utilization of common vulnerabilities and exposures (CVE) threat-hunting teams to monitor and respond to common vulnerability exploits
- Constant review of domain administrator accounts
- Vigilant assessment of services accounts
- Deployment of managed detection and response to not only monitor logs but act on them
Insureds that do not adhere to base-level information security controls will likely experience higher premiums, restricted coverage, reduced insurance capacity, or higher self-insured risk (SIR) — assuming insurance carriers are willing to take on the risk. Even organizations with average risk profiles may face higher premiums and restrictions to retentions and policies.
Insurers are looking for organizations to deploy enhanced phishing controls and, most critically, would like clients to actively reduce their data footprint. Organizations should inventory the data they absolutely need and remove the data they don’t. Understanding the risks is the first step to improving cybersecurity and presenting the best possible risk profile to underwriters.
How USI Can Help
USI’s cyber risk experts specialize in identifying and prioritizing risk to help clients understand their unique cyber exposures. We work with clients to reduce those exposures and provide adequate coverage by reviewing existing policies and benchmarking limits and retention, thereby identifying weaknesses in the current program structure. We provide additional support and resources to clients to help them improve their cyber risk profile and secure favorable coverage and placement.
Cyber risk is no longer an inconvenience — it’s a balance sheet issue for organizations across all industries. In the current risk environment, failing to procure proper insurance coverage and align cyber resources could be the demise of your organization.
Contact your USI representative or email email@example.com to learn more about the solutions designed to mitigate risk and protect your organization in the event of a cyber incident.
Get USI insights delivered to your inbox monthly.