The cyber insurance market has completely shifted over the last six months. An increase in the number of claims, together with larger monetary damages associated with those claims, has caused insurance carriers to adopt stricter underwriting guidelines, decrease coverage limits, and increase rates. A company's internal controls are more important than ever, not only to protect it from a cyber attack but also to allow it to qualify to purchase coverage that will help in the event a breach does occur.
We often get questions about what types of controls need to be in place. While companies used to need only basic levels of cyber hygiene to qualify for coverage, this is no longer the case. We now commonly see the following controls required to qualify for coverage:
- Multi-Factor Authentication on all external access to your network or web-based applications.
- Encryption on all sensitive data at rest and in transit.
- Annual security awareness training of all employees.
- Advanced/next-generation endpoint protection on your network.
Another change we have seen recently is that there is little (if any) grace period to implement these controls when renewing or purchasing new policies. We strongly recommend looking into this proactively to ensure a policy will be available when you need it.