Cyber Insurance and Underwriting Changes – Holmes Murphy

By Monica M. Minkel

Vice President, Executive Risk Enterprise Leader

The cyber insurance marketplace has shifted swiftly and strongly over the past year, and at Holmes Murphy, we’ve seen significant changes in underwriting criteria, appetite, and coverage quality.

I’ve done my best to explain this below and have offered some tips, but please don’t hesitate to contact our team for more information, to talk about your cyber risks, or understand how to make your company more resistant to cyberattacks.

Changes in Cyber Insurance Underwriting

There has never been a more important time to be proactive about cyber security. As the market has evolved, companies need to have an awareness of your direct risk and understand the criteria that will be most closely valued by the underwriting community.

Insurance carriers are asking more questions and requiring more detailed responses than what we have seen in the past. They’ve also been dramatically increasing pricing and retention, while frequently reducing coverage. On many renewals, we are seeing reductions, particularly around ransomware coverage.

This Forbes article notes that clients are seeing increases of more than 300 percent on their insurance renewals! In fact, the article says, “premiums are rising by 10 to 20-fold, and that is if a renewal is even available. Enterprises are left exposed, or have to pay exorbitant premiums.” It’s scary to admit, but we are seeing these results, and it makes the placement of coverage not fun for anyone.

Combatting the Cyber Security Insurance Challenges

The good news is, you can do something to help by embracing and executing a comprehensive security approach. It’s important to be proactive and aware, not just in the month before your renewal.

The Cybersecurity & Infrastructure Security Agency (CISA) recently released some best practices guidance, and we believe this information is spot on. The practices we found that are especially important to your business are:

Multifactor Authentication

You should validate that all remote access to your organization’s network and privileged or administrative access requires multifactor authentication.

Strong Controls for Backups and Cloud Services

If your organization is using cloud services, ensure that your IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.

Phishing Campaigns

These types of campaigns provide an opportunity for determining the potential susceptibility of your employees to phishing attacks. This is a practical exercise intended to support and measure the effectiveness of security awareness training.

Patch Management

Patch management should ensure your organization’s software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA. You can also sign up for CISA’s free cyber hygiene services, which includes vulnerability scanning, to help reduce exposure to threats.

Vulnerability Scanning

Vulnerability scanning has become more common, and underwriters are relying more heavily on information that comes out of third-party scans. If you’re not using some version of vulnerability scanning now, you need to be.

All of the major carriers use some sort of external facing scan tech. Some are third parties, like BitSight, BlackKite, Security Scorecard, or Upguard, and others, have their own proprietary scans.

Evidence of vulnerabilities on these scans will make your cyber insurance renewal time consuming, difficult, and expensive. It’s important to know what the underwriters want to know and take action to minimize the impact to your renewal.

Help with Cyber Risk

Holmes Murphy is committed to the Avoid, Reduce, and Transfer risk. With respect to cyber risk, we have deployed our Cyber Screener tool to help identify, well before renewal, problematic responses. We work with our clients to mitigate known issues prior to submitting to the marketplace. Being proactive makes a difference to underwriting.

If you’re interested in this help or simply have questions, contact our team. Be “Better Tomorrow Than Yesterday” through cyber awareness and intervention!

Published on: 03.10.22