Though you may have cyber coverage in place today, the insurance space has wildly changed in the past 60 days. Social engineering, ransomware, business email compromise, supply chain attacks, and cloud computing cybersecurity threats are increasing significantly. This notice serves to educate you that insurance carriers are actively non-renewing coverage, providing lower limits, raising deductibles, adding new exclusions, and/or significantly increasing premiums by a factor of two, three, or even more. CLICK HERE to view webinar discussing the important cybersecurity risk controls that your company should have in place today from both a risk management and underwriting perspective

Underwriters are not only reviewing submitted applications, but also taking a hard look at the cyber risk controls that companies have in place and asking additional questions regarding your current cyber risk controls.  If those cyber risk controls are not up to par with underwriting requirements, then your company will be facing an adverse cyber renewal.

A key cyber risk control that underwriters are requiring in order to even consider offering cyber renewal terms is Multi-Factor Authentication (MFA). MFA helps to significantly reduce theft of credentials by requiring a user to verify their identity in multiple ways. MFA uses three categories of factors of which at least two factors need to be used: Knowledge, Possession, Biometric.

All insurance carriers and underwriters are requiring MFA for:

  1. All Email Access
  2. All Remote Network Access
  3. All Access to Administration/Privileged Accounts (separate MFA required)
  4. All Access to Back-ups

MFA implementation is crucial to keeping your company secure, as well as for obtaining cyber renewal terms for your upcoming cyber insurance renewal. Other important cyber risk controls that underwriters have begun to require include:

  1. Endpoint Detection and Response (EDR)
  2. Back Up Segregation
  3. Employee Training, Including Phishing Exercises
  4. Confirmation on Remediation of Vulnerabilities if a Client Uses SolarWinds or Microsoft Exchange

For more information, please reach out to your Cottingham & Butler representative.