Rate increases. Reduced capacity. Ransomware sublimits. Coinsurance. Higher deductibles. Supplemental applications. These are all things that cyber insurance brokers and their clients must be prepared for ahead of the 2022 renewal season. If they don’t consider them, they’ll be in for a rough ride.
With the frequency and severity of cyber insurance losses on the rise, carriers are implementing strategies to mitigate their own exposures. Some of these strategies, such as rate increases in excess of 100%, may seem unduly harsh to clients, and yet they are necessary to ensure the long-term stability of the cyber insurance market.
“Rates have hardened significantly throughout this year, and we believe that rates will likely continue to harden as we go into 2022,” said Oren Wortman, managing director of the national cyber practice with Beecher Carlson, part of the Brown & Brown team. “For risks or organizations that may not have all of the desired controls in place, we’re absolutely seeing significant ransomware sublimits, we’re absolutely seeing reduction in capacity, and we’re absolutely seeing much higher retentions being asked for. That’s pretty much standard.”
The controls that Wortman is referring to are risk mitigation measures like enforcing multi-factor authentication (MFA) across the corporate network, conducting regular employee training, closing remote desktop protocol (RDP), completing software patches and updates, and, if a company has the budget, using endpoint detection and response (EDR) tools to detect and mitigate cyber threats.
“Carriers are now requiring MFA in a very broad way – for remote access, privileged accounts inside of the network, and for all Cloud and software-as-a-service solutions. Really, they want MFA enforced for everything where it is possible and feasible,” said Wortman. “Another thing they’re focused on is the external attack surface; they want to make sure it’s locked down. And they want to ensure that insureds have a strong disaster recovery plan, making sure that their backups are held in a separate, secure location, and they require MFA for access.
“Every single underwriter is also asking about the news reel highlight of the day, or of the month, or quarter, or year. Every application nowadays includes questions like: Have you had any exposure to SolarWinds, Microsoft Exchange Marauder vulnerability, or the Windows Print Spooler vulnerability? They go through basically a list of the top events that we heard about this year and ask clients if they’ve had exposure to it. If yes, they want all of the detail as to how they mitigated it, how they checked if there were any indicators of compromise in their environment, etc.”
Some carriers will accept compensating controls, according to Wortman, for clients who perhaps haven’t yet deployed MFA for all privileged accounts, but they have implemented other measures, such as locking privileged accounts inside a privileged access management vault. As long as businesses have a well-documented plan in place to show carriers how and when they plan to complete certain security measures, then they will usually get coverage.
That planning and documenting is also important when it comes to renewals, Wortman stressed. He told Insurance Business: “I would say the number one thing that insureds can do, and what we try to do with all of our clients is get engaged very early and very far in advance of the renewal. Typically, and historically, maybe you would start the process a couple of months out, you’d fill out the applications and the supplementals (if they were even required), and it would largely be more or less a box checking exercise.
“Nowadays, we’re getting engaged with our clients anywhere from a minimum of four to six months in advance of the renewal and actually working very closely with them through advisory services on: ‘You have these gaps in your cyber security. This is what will likely be called out by the markets. Let’s work together to figure out what we can put in place as compensating controls or to mitigate the perception that there’s a lack of control’.
“We’ve had very good success with that. An anecdotal example is, we had one client whose renewal originally came in quoted in excess of a 300% rate increase year-over-year. We worked very closely with them on addressing the insurer’s concerns. After addressing the concerns and having a follow-up call with the underwriter, we got their renewal down from that 300+% to the 90+% range. Still not the desired result, but relatively speaking, it was a big improvement.”
It’s a “challenging, challenging market,” according to Wortman, but one where brokers and their clients can find success if they implement the appropriate controls and communicate early with the markets to tell their stories.