Managing cyber-security risks with liability insurance

In recent years, the increase in crippling cyber-attacks has accelerated organizations’ demand for cyber insurance.

Cyber liability, also known as cyber insurance, provides coverage in the event an organization’s cyber security is breached. The scope of coverage often includes remediation costs and financial losses associated with business interruption, among other things.

As the need for cyber insurance continues to rise, so too does the cost of coverage. This is due to the alarming increases in frequency, severity, and cost of cyber-attacks, particularly ransomware and phishing attacks.

Insurers across the industry are continuously evolving their models to limit their exposure to potential losses. Organizations seeking cyber coverage should be aware of the following:

  • Rising premiums and lower coverage limits – increased scrutiny by insurers and rising premiums are impacting the amount of cyber liability coverage being offered in cyber policies. It was common for a mid-size organization to be offered $5 million in coverage in prior years; today, that same organization is likely only being offered $2 million or less.
  • Stricter standards for cyber insurance – insurers are implementing more stringent requirements for organizations to obtain / renew their cyber coverage. These measures include the use of multi-factor authentication (MFA), implementation of regular security awareness training, etc.

While insurance can play an important part of an organization’s approach to managing its cyber risks, proactive steps must be taken towards hardening and improving its cyber security posture.

Today, organizations are creating their own cyber security programs that include implementing end-point detection and response (EDR) capabilities, training employees on cyber security threats, and security event and information management (SEIM).

For more information on cyber liability coverage, please send an hylann [at] (email) to Hylann Ma, Growth and Innovation Manager.