Mastering Cybersecurity Insurance Negotiations: A Comprehensive Guide
- Date: Oct 26, 2023
- Read time: 8 minutes
As data becomes more important to the enterprise than ever before, cybersecurity is now table stakes. Ransomware and other cyberthreats loom large, making it crucial for organizations to address cybersecurity at the very highest levels. Just a few years ago, databases and applications were the prime targets. As the security around those assets became more robust, the attention of threat actors shifted to data storage. As the volume of data – especially unstructured data – has exploded, it has become more widely dispersed, both on-prem and in the public cloud. The result? A much larger target, with many more threat vectors, to which little attention has been paid. As attacks become more frequent – and more sophisticated – the issue of cyber insurance has bubbled up to the executive suite.
Cybersecurity insurance is designed to help organizations manage cybersecurity risk in a cost-effective manner. It helps protect against financial losses, reputational damage, and legal liabilities caused by cybersecurity threats and incidents. In this blog, we’ll review key considerations for preparing and negotiating with insurance underwriters. We’ll look at the challenge of maintaining regulatory compliance, and how leveraging security standards and frameworks like NIST can help in achieving lower insurance costs through robust, intelligent cybersecurity practices.
Understanding the Importance of Cybersecurity Insurance
In our interconnected ecosystem, where information systems and service providers play a pivotal role, the consequences of a cyber attack can be devastating. All organizations, large or small, public or private, need to prioritize improving cybersecurity around their critical infrastructure. Ransomware and other cyber threats can compromise sensitive data, disrupt business operations, and erode public trust. Becoming a target is no longer a matter of if, but when. It has become critical to prevent – or at the very least mitigate – damage before it happens.
Superna approaches this by monitoring for anomalous behavior and threats at the data layer. When we see access to files that are not normally touched, or other unusual spikes in activity, we enable you to shut down an attack at the source, limiting its impact and simplifying recovery. This type of proactive approach, along with the ability to neutralize an attack before it can result in significant damage, is just one part of a holistic approach to cybersecurity. Perhaps more importantly, it is one that can also help to reduce your cyber insurance costs.
According to Delinea’s 2023 State of Cyber Insurance Report, 96% of surveyed businesses purchased at least one new security solution before being approved by carriers.
When cyber insurance was first introduced as a product, underwriters capitalized on the demand without a full picture of what coverage would truly entail. After years of escalating cyber incidents and payouts, and with insights from historical incidents, breach data, and improved capabilities for quantifying risk, the industry now applies more rigorous risk assessment practices, policies, and pricing. The result is stricter requirements, and underwriters being far more prescriptive about cybersecurity best practices before granting coverage.
Of the smaller companies that applied for cybersecurity insurance coverage, 28% were denied, versus 8% of large companies. The top reason small companies were denied was a lack of security protocols (40%).
As organizations strive to manage cybersecurity risk, the first step is to establish a comprehensive cybersecurity program. This will involve various stakeholders, including cybersecurity experts, IT teams, risk management processes, and information security officers, who will work together to create security policies, implement security solutions, and ensure compliance with security standards and frameworks.
Maintaining Compliance and Framework Profiles
Compliance with internationally recognized security standards and frameworks, such as the NIST Cybersecurity Framework, is essential when discussing a cyber insurance policy with underwriters. Non-compliance can lead to higher pricing or even denial of coverage. It is vital to create a common language with underwriters, ensuring they understand the framework profiles and implementation tiers that your organization follows.
NIST Cybersecurity Framework: The NIST framework helps organizations identify, protect, detect, respond, and recover from cybersecurity threats. Implementing this framework showcases a risk-based approach to cybersecurity risk management.
For example, Superna’s suite of cyberstorage and data protection solutions maps to the five core functions of the NIST framework by:
- Identifying threats by user name and IP address;
- Protecting your data by stopping threats with user lockout in real-time;
- Detecting anomalous behavior and well-known ransomware file extensions at the data layer;
- Responding to an attack by sending email alerts, along with syslog messages and automated snapshot creation; and
- Recovering through file-level tracking and snapshot data. By dealing with only the impacted files, you also save on recovery. It is much more efficient to recover 100 files than 100,000.
Prevention is crucial, as insurance won’t cover all costs or types of cyber attacks. In the same study, all respondents had at least one exclusion in their policy that would void coverage, and all respondents had at least one attack-related expense that wouldn’t be paid for by cyber insurance.
In some instances, cyber insurance will cover the cost of cyber recovery specialist companies. One of the goals post-attack is identifying the root cause or entry point of the attack in order to bolster defenses in that area and close the security hole. Through Superna’s forensics capabilities, which sift through historical data, we can assist cyber recovery companies in pinpointing the origin of an attack.
Leveraging Security Controls and Solutions
To achieve lower pricing for your cyber insurance policy, it’s essential that you demonstrate a commitment to reducing cybersecurity risk through adaptive security controls and a robust security posture. Some things to consider:
Implementing multi-factor authentication is a proven method to enhance the security of your information systems. This strengthens access controls and reduces the risk of unauthorized access.
Employ a risk-based approach to cybersecurity risk management. By identifying and prioritizing vulnerabilities and cyber threats, you can allocate resources more effectively and reduce overall risk.
Engage in information sharing with relevant organizations and the federal government to stay informed about emerging threats and vulnerabilities. Sharing threat intelligence can enhance your threat detection capabilities.
Incident Response Plans
Develop comprehensive incident response plans that align with your chosen security framework. This ensures a swift and effective response in the event of a cyber attack.
As part of your organization’s incident response plan, having a cybersecurity runbook prepares your team by arming them with the directions and practice that could prove to be invaluable in a time of ambiguity that often follows a breach.
One approach to ensuring your security efforts are doing their job is to self-test your defenses. Checking your security on a regular basis gives you confidence that things are working as they should, or lets you detect gaps before an attacker does. Superna’s Security Guard feature does just this, by simulating a ransomware attack on a daily basis to validate that all components are functioning, including alerting and lockout of user sessions.
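To make the data-layer detection described under the NIST functions above, and the daily self-test described here, concrete, the following is an added example written for this page. It is not Superna’s code and does not reflect how Security Guard or its detection engine is implemented; the audit log format, the list of ransomware extensions, the thresholds and the account names are all constructed for illustration. The detector watches a per-session sliding window of file events, locks a session out when it sees either several renames to known-bad extensions or an anomalous number of distinct files touched, records only the impacted files for recovery, and exposes a self_test() that feeds a synthetic attack from a canary account and reports whether lockout and alerting fired:

```python
"""Data-layer ransomware detection with a daily self-test (added example, not Superna's code)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Illustrative subset of extensions associated with ransomware (assumption; not a product list).
KNOWN_BAD_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry", ".locky"}


@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    op: str    # "write" or "rename"
    path: str  # path written, or the rename destination


def parse_line(line: str) -> Event:
    """Constructed audit format: '<ISO timestamp> <user> <client ip> <op> <path>'."""
    ts, user, ip, op, path = line.split(" ", 4)
    return Event(datetime.fromisoformat(ts), user, ip, op, path)


def has_bad_extension(path: str) -> bool:
    return any(path.lower().endswith(ext) for ext in KNOWN_BAD_EXTENSIONS)


@dataclass
class Detector:
    window: timedelta = timedelta(seconds=60)
    bad_ext_threshold: int = 3   # known-bad extensions seen per window before lockout
    volume_threshold: int = 50   # distinct files touched per window before lockout
    recent: dict = field(default_factory=lambda: defaultdict(deque))
    locked: set = field(default_factory=set)          # (user, ip) sessions locked out
    impacted: dict = field(default_factory=lambda: defaultdict(set))  # user -> files to recover
    actions: list = field(default_factory=list)       # what a real system would email/syslog

    def observe(self, ev: Event) -> Optional[str]:
        """Feed one event; returns the detection reason, 'blocked', or None."""
        key = (ev.user, ev.ip)
        if key in self.locked:            # session already locked: deny the operation
            self.actions.append(("blocked", ev.user, ev.ip, ev.path))
            return "blocked"
        q = self.recent[key]
        q.append(ev)
        while q and ev.ts - q[0].ts > self.window:   # slide the per-session window
            q.popleft()
        bad = sum(1 for e in q if has_bad_extension(e.path))
        distinct = len({e.path for e in q})
        if bad >= self.bad_ext_threshold:
            return self._respond(key, q, "known-extension")
        if distinct >= self.volume_threshold:
            return self._respond(key, q, "anomalous-volume")
        return None

    def _respond(self, key, q, reason: str) -> str:
        user, ip = key
        self.locked.add(key)                            # stop the attack at the source
        self.impacted[user].update(e.path for e in q)   # only these files need recovery
        self.actions.append(("lockout", user, ip, reason))
        self.actions.append(("snapshot", user, len(self.impacted[user])))
        self.actions.append(("alert", user, ip, reason))
        return reason


def run_log(lines, det: Optional[Detector] = None) -> Detector:
    det = det or Detector()
    for line in lines:
        det.observe(parse_line(line))
    return det


def self_test(burst: int = 5) -> bool:
    """Daily simulated attack: a canary account renames files to a known-bad
    extension; the check passes only if both lockout and alerting fire."""
    det = Detector()
    t0 = datetime(2023, 10, 26, 3, 0, 0)
    canary, ip = "svc-selftest", "10.0.0.99"
    for i in range(burst):
        det.observe(Event(t0 + timedelta(seconds=i), canary, ip, "rename",
                          f"/share/canary/doc{i}.docx.locked"))
    return (canary, ip) in det.locked and ("alert", canary, ip, "known-extension") in det.actions


# Constructed sample audit lines: normal work by alice, bob encrypting files, carol mass-writing.
SAMPLE_LOG = [
    "2023-10-26T09:00:01 alice 10.0.0.5 write /share/finance/q3 report.xlsx",
    "2023-10-26T09:00:05 alice 10.0.0.5 write /share/finance/notes.txt",
    "2023-10-26T09:01:00 bob 10.0.0.7 rename /share/hr/payroll.xlsx.locked",
    "2023-10-26T09:01:01 bob 10.0.0.7 rename /share/hr/contracts.pdf.locked",
    "2023-10-26T09:01:02 bob 10.0.0.7 rename /share/hr/reviews.docx.locked",
    "2023-10-26T09:01:03 bob 10.0.0.7 rename /share/hr/offer.docx.locked",
] + [f"2023-10-26T09:02:{i:02d} carol 10.0.0.8 write /share/eng/file{i}.txt" for i in range(60)]

if __name__ == "__main__":
    d = run_log(SAMPLE_LOG)
    for action in d.actions:
        print(action)
    print("self-test passed:", self_test())
```

On the constructed log, bob is locked out at his third rename and his fourth is denied, with only the three touched files recorded for recovery; carol trips the volume threshold at her fiftieth distinct file and the remaining ten writes are blocked; alice is never affected. The thresholds and window are deliberately simple; a production system would baseline per user and per share rather than use fixed numbers.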
Offline Data Requirements
Some underwriters may require proof of offline data protection to qualify for their products and services. This can take the form of data encryption, together with the measures taken to secure your data on the physical devices on which it is stored. Superna offers two approaches to this, our AirGap and Zero Trust Backup capabilities, which are designed to satisfy the offline data requirements found in many cyber insurance policies.
Building a Strong Relationship with Your Insurer
Building strong relationships with insurance companies is key to achieving cost-effective cybersecurity insurance pricing. By consistently demonstrating a commitment to best practices and a proactive approach to cybersecurity risk management, you make your organization more attractive to underwriters.
Regularly review your cyber insurance policy to ensure it aligns with your evolving cybersecurity program and critical infrastructure requirements. As your cybersecurity posture improves, you may become eligible for better terms and lower pricing.
Information System Audits
Conduct periodic audits of your information systems to ensure ongoing compliance with security standards. Engage external auditors to provide an objective assessment when necessary.
Continue participating in information sharing initiatives, both within your sector and with the federal government. Sharing insights about emerging cyber threats and vulnerabilities will demonstrate your proactive approach to risk management.
Securing the Policy That’s Right for Your Organization
In an era of increasing cyber threats and cyber risk, cybersecurity insurance has become a critical component of business risk management, whether in the public or private sector. Preparing for discussions with insurance underwriters requires a deep understanding of risk management processes, compliance with internationally recognized security standards, and a commitment to reducing vulnerabilities and protecting against cyber attacks. By following these guidelines and continuously improving your cybersecurity posture, you can not only protect your organization from potential financial losses but also negotiate more favorable terms and pricing with your insurance provider. Remember, a proactive approach to cybersecurity and strong relationships with insurance companies can make all the difference in safeguarding your business and its future.