Applying for Cyber Insurance
Cyber insurance claims have increased as successful cyberattacks have risen, causing insurers to implement a much more detailed and exhaustive underwriting process. The days of quick cyber insurance applications are long gone – so what can you expect in the years to come? How can you provide insurers with an accurate picture of your risk profile?
Applications in the Past
For many years, cyber insurance applications have generally consisted of the same 30-50 questions. Answers were grouped into standard categories like information security, third-party services, risk background, loss experience, and current coverage. This information would help insurers get a grasp on:
- Who is responsible for cybersecurity at your company
- If you are responsible for storing, processing, or transmitting sensitive data
- What technologies are used to protect data, systems, and your environment
- If you have documented policies and processes that address cybersecurity
- Your company’s history of cyberattacks or data loss
- Whether you are in compliance with any industry standards or regulations
These questions were pretty painless to answer and didn’t require much information gathering or collaboration. When organizations submitted an application for a high-dollar policy, they could count on insurers not needing to verify much else.
Expect Exhaustive Applications
In 2022, organizations can expect a lot more questions in a cyber insurance application. In addition to the general risk information collected in past applications, the latest cyber insurance applications now include questionnaires about:
- Specific controls that secure data whether it’s stored, processed, or transmitted
- What data backups are in place
- If an organization follows IAM best practices
- Specific controls that protect the network
- Firewall configurations
- Patching cadence
- Cloud security
- Specific controls that mitigate ransomware
- What type of security awareness training is required of employees
- Agreements with third parties or vendors
- Review of specific documentation like Incident Response Plans, Disaster Recovery Plans, and Business Continuity Plans
- Review of annual risk assessment
- Review of audit reports, if applicable
You must be as thorough as possible in your application. Once you submit this information, you may be subject to more extensive questionnaires or even interviews with team members who oversee IT, cybersecurity, or compliance programs.
Getting the Details Right
With the level of information now required by underwriters, you can’t assign the insurance application or renewal process to just one person in your company. Who should fill out your cyber insurance application? With the new complexities, it may be appropriate to get input from:
- Internal IT team, IT provider, or managed service provider
- Risk managers
- Privacy officers
- Compliance officers
- Finance department
- Marketing department
- HR department
- Executive team or C-suite
- Board of directors
By collaborating with many different departments in your organization, you give yourself the best chance of success.
With the right guidance and planning, you can renew an existing policy with minimal changes in coverage or fees – but it’s critical that you understand the changes in the industry and how to fill out a detailed application.
To prevent denials or a decrease in coverage, start preparing for your renewal with our self-led security risk assessment. If you’d prefer that one of our IT experts walk you through the process, get in touch with us and a member of our team would be more than happy to assist.