How to Lower Cyber Insurance Premiums

16 November 2022

The frequency and sophistication of cyberattacks and the expenses these incidents cause are rising. The average data breach cost has increased to a record high of £3.77 million.   

As a result of these rising costs, a growing number of organisations are forming partnerships with cybersecurity insurers.  

Cyber insurance costs have also increased to meet the demand for insurance. According to the Council of Insurance Agents and Brokers, cyber premium prices increased by an average of 27.5% in the first quarter of 2022.  

What is Cybersecurity Insurance, and Why do you need it?  

Cyber insurance, commonly referred to as cyber-liability insurance, is a type of insurance that aids in shielding organisations from the repercussions of hacking and cyberattacks.  

Cyber insurance can minimise the disruption that a cyber incident (and its aftermath) causes your organisation. It could also cover some of the associated costs.

The NCSC suggests:  

“Cyber insurance will not instantly solve all your cybersecurity issues and will not prevent a cyber breach/attack. Just as homeowners with household insurance are expected to have adequate security measures, organisations must continue to implement measures to protect what they care about.”

What Kinds of Coverage Can You Get for Cyber Insurance?  

All types of organisations are susceptible to cyberattacks. Your information, privacy, and operations are all at risk, so it’s good to know what coverage you can get.   

Coverage for Privacy Liability  

Privacy liability cyber insurance is crucial for businesses with privacy or information threats. Data breaches that expose employee and customer information put your infrastructure at risk and will subject your organisation to legal liability.   

Through privacy liability coverage, cyber insurance will shield your organisation from liabilities in the case of a violation of privacy law or a cyber incident. These third-party expenses might arise from obligations under a contract or from liabilities due to regulatory investigations.

Examples include defending your organisation from consumer class action lawsuits and paying for a settlement following a data breach or cyber catastrophe.   

Security for Networks  

Most cybersecurity insurance policies should cover network security. You need network security protection if you want to safeguard the information and privacy of your organisation. This cyber insurance policy will protect your organisation if your network security fails.   

Coverage for Errors and Omissions  

Errors and omissions (E&O) coverage guards against cyber incidents that prevent you from delivering services to customers or meeting your contractual commitments. E&O coverage also covers claims relating to mistakes or performance issues in the services you provide, such as software or consulting services, or conventional professional services provided by engineers, doctors, or lawyers.

Additionally covered are claims of negligence or contract violations, as well as the cost of defending oneself in court or a customer dispute.   

Media Coverage of Liability  

Besides patent infringement, media liability coverage protects you against claims of intellectual property infringement. This protection often covers offline and online advertising, including social media updates from your organisation.

To safeguard your organisation’s intellectual property, you should include media liability coverage in your cybersecurity insurance policy.   

Coverage for Network Business Interruptions  

If your organisation is dependent on technology, you must include network business interruption coverage to protect it against operational cyber risk.

You can use this coverage to pay fixed costs, lost profits, and additional expenditures incurred when your network or your provider’s network goes down. Coverage extends to system failures, such as human error or unsuccessful software patches, and to security failures resulting from incidents like cyberattacks.

How To Lower Your Cyber Insurance Premium  

While you can receive a safe driving discount on car insurance or lower healthcare charges by declaring that you do not smoke, there is no generally publicised fee reduction scheme for cyber insurance premiums.

However, many carriers may reduce premiums if you follow industry standards and execute cybersecurity best practices.   

Implementing the following advice will result in additional cost savings, depending on your industry, organisation size, annual revenue, insurance provider, and so on.

Carry out periodic penetration testing   

You’ll be more likely to find vulnerabilities that could result in a breach if you run a penetration test at least once a year. A pen test reduces your risk profile in the eyes of the insurers.    

Work with a dependable outside security partner to identify your vulnerabilities and develop a plan for resolving them.

Implement a strict policy for password management   

Some insurers will only offer you coverage if you use password best practices. Strong passwords feature a combination of:

  • lowercase and uppercase letters
  • digits and symbols
  • a length of eight characters or more, with no words found in a dictionary

Other best practices include:

  • Create separate passwords for each service and your team. To supplement the use of passwords, think about adding two-factor authentication.
  • Use encryption to protect sensitive information and personally identifiable data. 
  • Any sensitive data, whether at rest or in transit, should be encrypted. Maintain the secrecy of your encryption key and exercise caution in deciding who has access to it. 

Discretionary record access, storage, and transfer   

The volume of records you regularly access, keep, and transfer is one of the significant factors in the cost of cyber insurance. Controlling the number of documents you handle is a simple approach to reducing this.    

Work with your current provider   

Working with the carrier covering your property or general organisation liability may result in cost savings, just as bundling your house and vehicle coverage can.    

What Does Cyber Insurance Not Cover?   

Cybersecurity insurance has exclusions that prospective policyholders should be aware of, just like any other insurance policy.  

A cybersecurity insurance policy often excludes the following coverages:    

  • Expenses associated with repairing your internal technology systems after a cyber incident.    
  • Value reduction brought on by the theft of intellectual property from your organisation.    
  • Future potential loss of earnings.    

Even though these damages or expenses might not be covered by the typical standards for cyber insurance, getting cybersecurity insurance is important. 

If you want to know more about how to lower your cyber insurance premiums with the help of Sapphire, get in touch below. 
