Companies of all sizes know that cyber insurance premiums come with a high price tag. Premiums have increased every quarter over the last several years, according to the Global Insurance Market Index, and ransomware is the primary reason for the increased prices. Two-thirds of all companies suffered a ransomware attack within the past year, according to Sophos’ The State of Ransomware report. The report also found that the average ransom payment was more than $1.54 million in 2023, and the average cost to recover from an attack — not including the ransom payment — was $1.82 million. As a result, cyber insurance providers feel the rise in premiums is justified.
With the large number of ransomware attacks, companies consider the protection of a cyber insurance policy to be a necessity. Yet, cyber insurance providers want to minimize their losses. As a result, the application process for insurance is lengthy and comprehensive. Providers are only offering cyber insurance to companies that have prevention measures in place to reduce the risk of a cyberattack.
To get accepted for cyber insurance, companies need to be prepared for the application process — and that can mean proactively implementing proper cyber measures prior to application. A few of the core qualifications for cyber insurance that every cyber insurance provider will ask about include the use of multifactor authentication (MFA), managed detection and response (MDR), digital forensics and incident response (DFIR), and employee training.
Across the board, cyber insurance providers want to know that your company has MFA in place. MFA requires multiple methods of authentication to verify an account user’s identity during login. MFA’s layers of security make it harder for a bad actor to access a targeted account. Types of MFA include knowledge factors such as passwords, personal identification numbers, and security questions; possession factors such as tokens, key fobs, and badges; and inherence factors or biological traits such as retina scans, fingerprint scans, and voice authentication.
Last year, cyber insurance providers required companies to have MFA to qualify for cyber insurance. This year, insurers are taking that requirement one step further. Now, providers need to know that companies have MFA and, more importantly, that it has been implemented.
“Early on, insurance providers would ask, ‘Do you have multifactor authentication?’” said Doug Howard, CEO at Pondurance. “Companies would answer ‘yes,’ but come to find out, the companies had it but never implemented it or implemented it only on VPN (virtual private network) and no other system. Now, the questions on the insurance applications are getting deeper. Providers want to know that you’re using MFA in a way that will actually protect your company against bad actors.”
Insurance providers want to see companies partnering with MDR providers, and having MDR services is a minimum requirement for many insurance providers. Working with an MDR provider can reduce the likelihood that your company will experience a cyber incident and can demonstrate to cyber insurance providers that your company is taking responsible steps to pursue comprehensive defense strategies.
Modern MDR providers monitor networks 24/7, discover suspicious activity, and launch mitigation measures if an incident occurs. MDR services combine technology and humans to monitor, alert, investigate, and proactively respond to cyber threats for clients. These services also decrease dwell time — the time from when a bad actor enters an environment until the bad actor is removed — and, ultimately, reduce the cost of a breach.
“Cyber insurance providers want to know that companies have the technology, processes, and people already in place to protect against an attack,” said Doug. “MDR services can provide the full visibility, testing and analysis, and talented humans needed to reduce your cyber risk. As a result, MDR has become a standard requirement for cyber insurance.”
DFIR involves digital forensics, which is data collection to determine what happened during an attack, and incident response, which is action taken following an attack. DFIR teams deploy at a moment’s notice to intercept attacks, save electronic evidence, perform damage control, and determine what is needed for secure restoration.
When you work with a DFIR firm, your company can lower its risk profile and improve its ability to secure cyber insurance. Every minute counts after an attack, and companies that have a DFIR team already in place are ready to immediately respond to a compromise, minimize losses, and prevent future incidents.
“If your company has an incident and you’re proactively partnering with a DFIR team, you’re way ahead in terms of response and recovery,” said Doug. “A DFIR partner will already be familiar with your company and understand what’s important to you. The team can contain the incident, determine exposure through forensic analysis, and quickly restore your normal operations.”
Every company should educate employees — both staff and managers — about the importance of data privacy and the potential cyber threats that they may encounter. When employees are well educated on cybersecurity practices, a company faces less likelihood of a data breach. And that’s what cyber insurance providers want to see. During the application process, all providers will ask if your company performs cybersecurity awareness training at least once every year. They also want to know how often your company conducts phishing training since phishing is such a common way for bad actors to infiltrate a company’s system.
“Many bad actors target employees through phishing attempts,” said Doug. “So it’s critical to educate employees year-round about how to detect malicious email links and keep your company’s systems safe from attack.”
Cyber insurance providers only offer insurance to companies that have prevention measures in place to reduce the risk of a cyberattack. Your company needs to be prepared for the application process by proactively implementing such measures prior to application. To learn more about how to get approved for cyber insurance, check out our blog Improve Your Qualifications for Cyber Insurance: 4 Things To Know.