Get the inside scoop with LoginTC and learn about relevant security news and insights.
April 27, 2022 •
Last week I had the pleasure of attending Intelligent Insurer’s virtual “Cyber Insurance Innovation 2022” conference, a two-day conference that brought together stakeholders from all different parts of the cyber insurance industry. Representatives from insurance companies, insurance brokers, Insurtechs, and cyber insurance marketplaces came together to discuss the recent challenges in the market over the last two years, and how all parties have been working together to overcome obstacles and stabilize the market.
As a SaaS company that has seen a major drive towards our services come from changing requirements in the insurance market, I was most interested in learning how best we can service those clients, and also mitigate some significant pain points, primarily being felt by brokers, owing to regulatory changes in the industry.
Hearing from dozens of panelists during the conference was insightful and though all came from different parts of this cyber insurance puzzle, there were some overarching themes that came up again and again.
The basic requirements and controls for acquiring cyber insurance that many insurers brought in during 2020, while frustrating for many companies, are working, and that means they’re here to stay.
I lost count of how many panelists brought up MFA as a base requirement for any company seeking to get cyber insurance. Specifically ensuring that MFA is implemented on email, remote access, VPNs, and for privileged accounts.
Implementing MFA before you go looking for an insurance quote, or well in advance of your renewal, was strongly recommended by the panelists. Panelists also stressed implementing MFA internally within your network, and in more than just the recommended places, improves your cyber security posture significantly, and makes your company a more trusted and attractive candidate for cyber insurance. In a hard market, where the insurers are deciding who can qualify for insurance and who doesn’t, every little bit helps.
The Kaseya attack of 2021, which we talk about more in our blog post about ransomware, was brought up on numerous occasions as a perfect example of the kind of thing insurance companies are desperately trying to prevent.
While our increasing technological interconnectedness has made life in the 21st century more efficient and fast than any other time in history, it has also left everyone vulnerable to widespread cyber security threats. It’s clear to cybersecurity experts and cyber insurers alike that one well-placed cyber attack could swiftly compromise huge sections of downstream companies and providers.
From an insurance point of view, this means that insurers are coming down harder than ever on Managed Services Providers, particularly ones that offer hosted services, and key cloud providers that act as online hubs for large swaths of the internet. Companies that fit that description would do well to lock down as much as possible, and expect an additional level of scrutiny from prospective insurers.
For those looking for more standardization across the market in terms of commonality between cyber insurers, there is some hope. Insurers at the conference last week agreed that a stabilization has occurred as far as standard base-level cybersecurity controls that will be required in 99% of cyber insurance applications.
All companies and organizations looking to get cyber insurance can start to expect a basic level of common requirements across the board: MFA, endpoint security, and secure back-ups. However, just like with other lines of insurance, each carrier will have unique questions, requirements, and policy details. A certain degree of uncertainty and difference continues to be baked into this market.
Overall, the Cyber Insurance Innovation conference last week confirmed for me that while insurers are making major strides in requiring companies to become more cyber secure, there is a great deal of work left to be done in order to help companies meet regulatory requirements and see cyber security as a positive benefit.
If you attended the conference as well, or have any questions about anything that was discussed at the conference, feel free to reach out to us at firstname.lastname@example.org.