Eight ways broker clients can soften tough cyber terms

Securing the right cyber insurance has become even tougher over the past year, but there is a lot brokers can do to help clients position themselves for the fairest rate possible in this hard market.

Willis Towers Watson has shared with insuranceNEWS.com.au a summary of the key information cyber insurers are likely to request in a quote proposal, based on the underwriting criteria currently seen across WTW’s global cyber portfolio at recent renewals.

In the past, cyber underwriters needed only short renewal applications with limited exposure data to issue formal terms. Today, cyber insurers investigate controls more deeply, with a particular focus on resilience to a ransomware attack.

Many cyber insurers are imposing significant rate increases, higher self-insured retentions, co-insurance, coverage restrictions and policy language that limits indemnity for losses arising from ransomware or systemic cyber events, says WTW’s Cyber and Technology team. The team helps clients convey to prospective insurers the cyber security controls and investments they have made.

“Our team has developed manuscript insurance solutions which can limit the impact of these terms,” it says.

“We ensure the full scope of our clients’ cyber maturity is captured to help distinguish them from any market peers.”

Nearly all insurers now insist that applicants complete lengthy ransomware supplemental applications, WTW says, and brokers can work with a client to develop proposal answers that address each of the key underwriting criteria.

Here are the eight cyber security criteria prospective insurers are likely to scrutinise. Clients who can evidence each of them are best placed to secure the optimum quote for their cyber cover:

  1. Multi-Factor Authentication: MFA enforced for all remote access, and for all access to privileged accounts, including access from inside the network.
  2. Backup procedures: Offline backups, or an alternative solution (such as immutable storage) that prevents existing backups from being altered or deleted.
  3. Active monitoring: The environment is monitored by a Security Operations Centre, either internal or outsourced, on a 24/7 basis.
  4. Asset Management: An inventory of the environment maintained with an asset management tool.
  5. Segmentation: The network is segmented so that an attacker who compromises one part of it cannot reach the entire environment.
  6. Privileged Access Management (PAM): A PAM tool in place to manage privileged accounts, with local administrative rights granted only on a temporary basis.
  7. Endpoint Detection & Response: EDR deployed on all servers and endpoints capable of running an EDR agent.
  8. Awareness & Phishing training: Security awareness training provided to all employees, with phishing simulation campaigns for employees in exposed roles.