How To Obtain the Right Cybersecurity Insurance for Your Business

Cyber insurance has become a necessity, and the cost and effort to obtain it can be considerable. Still, your organization can boost its odds of landing the coverage it needs at a fair price that’s consistent with its risk profile. Check out the invaluable advice from a panel of experts from the insurance, legal and cybersecurity fields.

Cyber insurance has increased in popularity, going from a “nice to have” to a “must have” for many organizations. The reasons are varied. Increasingly customers require it from their vendors. Also, more and more boards of directors are asking that their companies get it. 

Whatever the reasons may be, chances are your organization will need to look for coverage, if it hasn’t already done so. Obtaining a policy has become more difficult in today’s cyberthreat landscape, with insurers asking for much more data about your cybersecurity processes and controls. If you’re able to get a policy, it will likely be at a higher price, with a higher deductible, and less coverage than in years past.

However, there are ways to make the process smoother and to increase your chances of getting cyber insurance with the coverage you need and without having to overpay. That’s a key takeaway from our recent webinar “Securing the Right Cyber Insurance for Your Business Is No Joke,” which you can watch on-demand.

Below we highlight five recommendations shared by experts from Tenable, PNC Financial Services and Measured Analytics and Insurance during the webinar.

Have basic cyber hygiene in place

If your organization has solid “cybersecurity 101” preventive practices in place, such as promptly patching critical vulnerabilities, securing remote desktops and using multi-factor authentication, cyber insurers will deem the organization less risky – and the insurance premiums will reflect that.

“A lot of it is about having a basic level of cyber hygiene,” said Ray Komar, Tenable’s VP of Technology and Cloud Alliances.

Adopt a cybersecurity framework

Closely related to the first recommendation is adopting a cybersecurity framework such as those from the U.S. National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS) and MITRE. These frameworks provide clear guidance for establishing foundational cybersecurity processes that strengthen your organization’s security posture and reduce risk.

“Pick a framework and map to it, and it’ll make your life easier as you go into this,” said Sam Strohm, Senior VP and Director of PNC’s Global Security Fusion Center.

Start your cyber insurance process early

Due to the rise in cyberattacks, and the resulting spike in claims and losses, insurers are requiring a lot more information from organizations, so it’s a good idea to start the buying process anywhere between three and six months in advance.

“It’s a very elongated process,” Strohm said.

Craft a multi-departmental team

Key to successfully gathering all the data cyber insurers require is putting together a team with representatives from IT, security, finance and legal – and any other department that may be able to help with the process. Not only are insurers’ questionnaires long, they increasingly require that answers be backed with evidence and hard data.

“Start the process early and ensure you have a focused, cross-functional team ready to respond to insurer questionnaires” said Michelle VonderHaar, Tenable’s Chief Legal Officer and General Counsel.

Understand what data is ok and not ok to share with insurers

Although insurers are asking for more data than ever, your organization shouldn’t – and doesn’t need to – share data like individuals’ personally identifiable information (PII) that might put it in violation of data privacy regulations.

Insurers need to know, for example, the scale of a business and how many customer records it stores, as well as how effective and comprehensive its cybersecurity protections are. “We’re not looking for the PII,” said Vince McCarthy, President of Measured Analytics and Insurance, a Tenable cyber insurance partner. 

“We’re looking at the data that speaks to your opportunity to respond to systemic risk by putting in place the right protections,” McCarthy added.

To get all the details from the panel discussion, watch the webinar on-demand. Read Tenable's Cybersecurity Insurance Checklist to see how Tenable can help you meet cyber insurance requirements. If you’re interested in learning more about Measured Analytics and Insurance and the benefits of being a Tenable customer, click here.