CyberArk Glossary >

Cyber Insurance

Businesses purchase cyber insurance (also known as cybersecurity insurance) to mitigate financial loss due to cyber attacks and data breaches. Cyber insurance coverage may include costs associated with:

  • Lost income due to business disruption
  • Ransomware payments
  • System restoration
  • Data recovery
  • Forensic analysis
  • Customer notifications

Cyber liability insurance has been available in one form or another since the 1990s. But a spate of ransomware attacks and data breaches during the COVID pandemic upended the cyber insurance industry, forcing insurance providers to significantly raise premium rates, reduce coverage and benefits, and be far more selective when issuing and pricing policies.

Containing Cyber Insurance Cost

Historically, insurers issued cyber insurance policies with few questions asked. Today, most underwriters take a close look at an applicant’s risk profile when pricing premiums and approving policies. Applicants are usually required to complete detailed questionnaires and are often asked to provide evidence to back up their responses.

Some insurers leverage open-source scanning tools such as OpenSCAP and OpenVAS to examine policyholder networks for vulnerabilities. Some use free security rating services such as BitSight and SecurityScorecard to assess risk. And many use independent cybersecurity firms to evaluate customers proactively.

Businesses can contain cyber insurance costs by demonstrating they have strong identity security controls and best practices to protect against phishing and credential theft and defend against ransomware, data breaches and other threats.

Demonstrating Readiness with Strong Identity Security Controls

While every insurance provider is different, most underwriters look for the following identity security solutions when assessing risk and pricing policies:

  • Multi-factor authentication (MFA) solutions to positively confirm the identity of remote employees and privileged users such as system administrators and third-party IT support vendors. MFA is a core requirement for cyber insurance—especially for authenticating privileged user access. Many insurance companies will deny coverage to businesses lacking comprehensive MFA controls.
  • Privileged access management (PAM) solutions to protect and audit access to privileged accounts (superuser, domain administrator, etc.) used by system admins and other privileged users. Privileged access is often granted dynamically via automated workflows or approval processes and is typically enabled for a limited, prescribed time to perform a specific function.
  • Endpoint detection and response (EDR/XDR) solutions to detect and thwart unusual activity on servers, workstations and virtual machines.
  • Privileged endpoint security solutions to remove local admin rights on laptops and desktops and give users the minimum set of privileges they need to perform their day-to-day activities.

Demonstrating Readiness with Best Practices

The best practices cyber insurance underwriters typically look for include:

  • Employee education programs to increase cyber awareness and teach employees about phishing attacks and other scams used to launch ransomware and disrupt IT systems.
  • Incident response plans to ensure policyholders have detailed ransomware playbooks and threat detection and mitigation plans in place.
  • Patch management best practices to ensure IT systems and endpoints are running current software releases.
  • Data backup and recovery best practices to ensure policyholders can restore businesses’ critical data in the wake of a cyber incident or catastrophe.

Learn More About Containing Cyber Insurance Costs

関連用語リスト