There is a lot more to cyber insurance renewals than just ticking boxes. Navigating developments both in cybersecurity technology and in minimum requirements can be overwhelmingly challenging at times but it is of utmost importance to keep your client insurable. In our most recent masterclass, Homa Shaner, CEO of FWRD Tech, delved into the top reasons a cyber policy is denied, cutting through the noise in the cybersecurity sector, advising your clients on a multi-layered security posture, talking to your clients about managed security, and top questions to ask key stakeholders.
Top Reasons Cyber Insurance Renewal is Denied
There are many reasons why cyber insurance renewal can be denied to a potential customer. If the organization is unable to demonstrate that proper security measures are in place or there is a lack of preventative security measures within the organization. Additionally, if the organization has suffered from costly data breaches, ransomware, and other security attacks in the past it can make for pricier cyber security insurance premiums. Homa explains, “The top reasons a cyber insurance policy is denied [is because] a customer doesn’t know what they have and they don’t know how to properly demonstrate that to the cyber insurance carrier.” On top of that, today’s cybersecurity landscape is extremely complex and noisy. The saturation of so many different vendors makes it challenging for organizations to know who to go with and due to rapidly evolving technology, there is limited security talent. As threat actors continue to get smarter and smarter, it becomes more costly to build proper Security Operation Centers (SOC).
Structuring security for cyber insurance renewals
Homa delves into the various structures and principles that are crucial for cyber policy renewal. She explains, “It’s really this moving target of being able to keep up with the additional costs while ultimately trying to prevent an organization from getting breached.” Being aware of this layered theory will mean that brokers can give a much more holistic service to their clients that goes beyond the cyber policy application forms and ensures their competitiveness.
7 Layers of Security
These are the 7 layers and their vulnerabilities and how to secure them is the key to a robust cyber security landscape. In order to be fully protected, more than a few security protocols are required. It is important to consider all possible access points and sites where hackers could access your network, data, and organization.
The 3 Pillars of Cyber Security to Ensure Cyber Policy Renewal
In addition to the 7 layers of security, different pillars of cyber security make it all flow together to ensure cyber policy renewal. It’s not all about technology, it’s people and processes as well. The three pillars are people, processes, and technology. Reviewing these three pillars will not only increase overall cyber security but it creates a culture of security throughout an organization.
- People are usually considered the weakest link, due to the nature of human error. The truth of the matter is that people are an organization’s first line of defense so it is crucial to properly assign roles and responsibilities related to information security. These include the Risk Manager, Security Manager, and Incident Response Manager.
- Processes are the how, when, and what. It is a set of integrated cybersecurity processes that identify, assess, and evaluate information security risks. It is the connection between people and technology. This includes incident management and business continuity plans to ensure effective response and recovery from cyber threats.
- Technology refers to cybersecurity and the implementation of proper technical and organizational efforts to manage information security risks. If a customer does not have the right people, processes, and technology in place then they need to take it a step further and make sure they find outsourced services that can help manage that for them on a daily basis.
Pros and Cons of Outsourcing Managed Security and Cyber Insurance Renewals
Due to the complex nature of cybersecurity, many organizations lack the proper budget to have all the necessary people, processes, and technology in place to deliver a cybersecurity posture, and that affects their cyber policy renewal. Having clients turn to an outsourced team to manage cybersecurity needs may be the solution to keep them safer, better-managed, and reinsurable. Homa explains, “There are a lot of benefits when it comes to managed security, and the market size today is over 31 billion, and in five years that’s expected to double, the annual compounded growth rate is 16% and that number is growing for a reason and it’s because it’s cost-effective.” Outsourcing a security team is not only cost-effective but they are trained in faster response times, staying ahead of the curve when it comes to new threat actors, and having all the necessary people, processes, and technology in one place. It is the crux of their business. All of this can ultimately lead to lower premiums as insurers see all the necessary postures if a claim were to occur.
Best Practices to Remain Insurable
There are best practices when it comes to delivering a proper cybersecurity posture that can help organizations remain insurable. Homa sees that a lot of her clients are consolidating their services in order to keep things easier to manage and less costly. Unique portals are being offered to summarize services allowing organizations to respond quicker if a cybersecurity threat were to happen. Additionally, organizations are leveraging outside IT and security talent. Homa recommends reviewing your client’s policy 6 months prior to renewal so that when it’s time they have everything properly in place. Create a security-aware culture so that every person in the organization is cautious.
Homa adds, “I would highly recommend taking this in as a best practice that you deliver to your customer. Make sure that all key stakeholders can answer the following questions:
- What are our most important assets and how are we protecting them?
- How do we know if we’ve been breached? How do we detect a breach?
- What Is the protocol if we Are targeted by a cyber attack?
- What are our response plans in the event of an incident?
- What are our business recovery plans in the event of a cyber incident?
- Is our cybersecurity investment enough?
- Are we compliant with laws regarding our customers’ information?”
In summary, this masterclass offered a very condensed and concise overview of cyber security fundamentals that every single cyber Insurance professional needs to be aware of together with a more practical application of those principles. Homa effectively covers the relationship between people, processes, and technology when consulting clients, how to help organizations layer their defense, and how to actually apply all of this in practice when speaking to clients in order to help them maintain insurability.