Will my company need to spend more on its cyber risk insurance or not? Every company shopping for cyber risk insurance wonders about this, especially given the security risks of AI and major global outages that come out of the blue, like the recent CrowdStrike outage that snarled global business for days.
With the additional risks posed by AI and advancing technologies, cyber risk insurers are more careful than ever during client assessments these days. Is there one standard rule of thumb they’re using to set policy prices? Unfortunately, no. The truth is, your policy coverage levels and costs are entirely customized to your business and its needs, no matter what brokerage you work through. In the end, that customization is a good thing.
How Cyber Risk Insurers Assess Your Company Risk
Before writing a policy, we usually coordinate with your IT team or managed IT service provider to assemble your cybersecurity documentation. With this information, we’ll better understand the cybersecurity tools you’re running and how they are maintained. We’ll also understand your systems and how deeply good cybersecurity practices are embedded in your corporate culture.
At EA Partners, we do a thorough assessment before writing any policy, evaluating clients based on these factors:
- Your industry — including your regulatory load and data loss risks
- Your size — including the number of employees, locations, and number of devices/endpoints on your system
- Revenues — how much your company brings in and how quickly those revenues would be impacted during an outage
- Your cyber risks, including —
- How well your cybersecurity tools work together and your commitment to a Responsible IT Architecture
- How much of your business is dependent on third-party software providers
- The amount of data that you must protect and the monetary impact of a loss of that data
- The deductibles you are willing to pay
- Your backup and disaster recovery plan
- The completeness of your written cybersecurity plans, policies, and procedures, as well as your written monitoring and patching reports
- The waiting period you can withstand before losses accrue
- The quality and track effectiveness of your employee cybersecurity awareness training
- Your commitment to login security and multi-factor authentication
- Your regulatory exposure and compliance operations
Want to Ensure a CrowdStrike-Style Outage Doesn’t Take Down Your Revenues? Integris Can Help.
EA Partners works with Integris to provide Integris Cyber Insure to its clients. In my opinion, it’s one of the most comprehensive plans you can buy for the price. We’d love to help you create a customized cyber risk insurance plan that will cover you for all the significant risks in our online world. Contact us today for a free consultation.