When reviewing cyber insurance policies, companies must be vigilant about exclusions and limitations that could leave them exposed.
Richard Breavington, Partner and Head of Cyber and Tech Insurance at law firm RPC, points out that policies could include exclusions regarding specific minimum security standards that organisations are expected to meet.
For example, insurers may require proof of multi-factor authentication, effective patch management, or other cyber-security measures. Failure to meet these requirements can result in denied claims.
The cyber insurance landscape is continually evolving, with insurers placing greater emphasis on the security measures policyholders have in place. Breavington notes that underwriters are increasingly focused on assessing these security protocols and requiring assurances that minimum standards are maintained.
Another critical factor shaping the scope and cost of cyber insurance is evolving data protection laws. As regulations become more stringent, they increase the burden on organisations during a cyber incident, potentially leading to higher costs. Breavington explains that complying with these obligations could result in more significant losses and impact the cost and availability of cyber insurance.
The growing role of AI in cyber insurance
In addition to understanding policy exclusions and meeting security standards, companies must consider the growing role of advanced technologies such as artificial intelligence (AI) and identity security solutions. As cyber threats become more sophisticated, insurers are increasingly requiring proof of robust security measures to reduce risk and maintain coverage.
A recent Cyber Insurance Report by Delinea, a provider of centralised authorisation solutions, highlights that 41% of insurance companies now demand evidence of least privilege access controls before granting a policy.
Nearly half (47%) of attacks leading to insurance claims are linked to identity and privilege compromises. Investing in identity security measures has become essential for securing cyber insurance and reducing premiums.
Rick Hanson, President of Delinea, says: “Insurance companies increasingly require proof of robust identity controls. Given that identity and privilege compromises account for a significant portion of claims, this is hardly surprising. Investing in identity security solutions has become essential for securing cyber insurance.”
Hanson emphasises that AI-driven solutions can enhance security while deploying quickly and efficiently, ensuring organisations meet stringent insurance requirements with fewer resources.
Leveraging AI for better insurance terms
Companies should also consider the adoption of AI-supported threat detection and monitoring solutions. AI-supported threat detection enhances cyber security by using algorithms to identify threats in real time.
It detects anomalies, predicts attacks, automates responses and improves accuracy through continuous learning, strengthening an organisation's security. The Delinea report reveals that half of US companies are now leveraging AI to lower their cyber insurance premiums.
Advanced AI technologies can provide real-time threat intelligence and automate responses, reducing the likelihood of incidents and, consequently, the cost of coverage.
For companies looking to keep premiums low and coverage robust, integrating AI into their cyber-security strategies is becoming crucial. Insurers view organisations using AI-driven solutions more favourably, as these technologies help manage risks, detect potential threats and respond swiftly to incidents.
Organisations should also consider cyber insurance as part of a holistic risk management strategy. This involves not only meeting the minimum requirements set by insurers, but also demonstrating a proactive approach to cyber security, including regular assessments, employee training and the adoption of advanced technology. By doing so, businesses can strengthen their overall cyber-security posture and align with board-level expectations for governance and risk management.
Moreover, an organisation that has obtained the National Cyber Security Centre’s Cyber Essentials certification, or the Plus certification, may find it advantageous, not only for enhancing its security posture, but also for reducing premiums. Notably, Cyber Essentials includes a basic level of cyber liability insurance (up to £25,000 indemnity) that may be suitable for many small businesses.
Myrna Soto, CEO of Apogee Executive Advisors, points out: “Organisations must prioritise managing privileged access, a key focus for underwriters due to its role in breaches. Strong identity security not only strengthens security, but also leads to better insurance terms and aligns with board-level expectations.”
Integrating cyber insurance into broader risk management strategies
Cyber insurance should not be viewed solely as financial recovery, but as a vital part of a company’s broader risk management strategy. “Cyber insurance policies often include not just indemnity for breach management costs, but also the provision of pre-approved third-party vendors to engage during a cyber-security incident,” says Breavington. Understanding these services can help businesses maximise resources and maintain coverage during an incident.