Rising threats mean rising cybersecurity insurance premiums
Cybersecurity insurance has gone through many changes since its inception. As the threat landscape continues to evolve, so does cybersecurity insurance pricing. Policyholders experienced higher cyber insurance rates in 2022—according to CBIZ, an industry-leading financial and benefits insurance provider, some insurance customers with unique exposures or lacking loss control measures were hit with 50 – 100% rate increases.1 And along with these rate increases, many policyholders also experienced coverage restrictions—leading some to wonder if cybersecurity insurance is something that local governments can even consider. But with the average cost of a breach being $4.45 million2 and increasing, these organizations can be in a difficult position. While premiums may feel like a cost they cannot afford, if they are breached without insurance, they have minimal to no protection.
Minimize your cyber insurance premium
Cybersecurity insurance helps your organization respond to and recover from the financial implications of a cyberattack. Cyber insurance can help offset the costs of repairing systems, engaging experts, paying fines, recovering data, managing day-to-day disruptions, and more. With rising threats and an increasingly complex threat landscape, this has become more important than ever.
Insurance costs have risen due to the severity of cyberattacks. And while several factors impact your insurance premiums, organizations can do things to minimize the impact of a breach. Your organization’s risk is measured by your cybersecurity maturity posture, which insurance companies have put in questionnaires to determine. The higher the level of maturity, the lower the risk to the insurance company. Taking preemptive measures to strengthen your posture can make you a stronger candidate for insurance, lowering your cost while keeping you protected. And even if a cyberattack does occur, your higher maturity posture will make your organization more resilient and reduce the impact.
While many experts point out preventative measures you can take to achieve this, the tasks can seem overwhelming. The best way to determine your options for cyber insurance is to partner with your insurance broker as well as a trusted cybersecurity advisor. From there, you can consider different scenarios and understand your organization’s maturity.
Understand your organization’s cybersecurity maturity
A cybersecurity maturity assessment will show your organization’s current risk and exposure. This, followed by improvement recommendations, can help provide a path to a better posture for your organization.
At CAI, we use the 6 functions from National Institute of Standards and Technology (NIST) 2.0 when measuring cyber maturity:
- Identification—An organization’s ability to understand and recognize the cybersecurity risks to systems, assets, data, and capabilities
- Governance—Emphasizing that senior executives and the board of directors have the responsibility for managing cybersecurity risks as part of the organization's overall risk management strategy
- Protection—Developing and implementing the appropriate safeguards to ensure the delivery of services
- Detection—Identifying the occurrence of a cybersecurity occurrence or threat
- Response—Developing and implementing the appropriate actions regarding a cybersecurity occurrence or threat
- Recover—Deploying the appropriate activities to maintain resilience and to restore capabilities that were impaired due to a cybersecurity event
We consider each factor on its own and in relation to the other factors. The diagram below is an example of a maturity assessment we would provide to a partner organization that scores each element based on our criteria.
After your organization undergoes a maturity assessment, work with a trusted cybersecurity partner to develop a plan for improving your overall cybersecurity maturity over time. This plan is called a remediation roadmap; it provides a realistic approach to addressing gaps and improving your cybersecurity maturity. It is a key element of reducing your risk and improving your opportunities for lower insurance premiums. CAI scores your organization on 5 levels:
Level 1—The means to manage and organize processes are in development. Results are unpredictable and reactive.
Level 2—Repeatable and consistent processes. Projects are planned, performed, measured, and controlled.
Level 3—Further defined, repeatable processes are more proactive than reactive. Organization-wide standards providing guidance.
Level 4—The ability to measure and control processes quantitatively. The organization is data-driven with performance improvement objectives.
Level 5—Stable and flexible optimized processes. Focus on continuous improvement and designed to respond to opportunity and change.
Our goal is to help organizations reach a level 3 or better in all areas. The appropriate maturity level is based on the risks to the organization and the impact if breached or compromised.
With a stronger cybersecurity posture because of a maturity assessment, remediation roadmap, and best practice implementation, you’ll be better protected against cyber threats, and insurance companies will see you as a lower risk. Your premiums will lower and you’ll feel more secure as an organization.
Get started with a maturity assessment
Selecting the right broker and cybersecurity advisor will help you navigate this challenging path. With the right approach, you’ll feel the benefits of both a stronger cybersecurity posture and more affordable insurance rates. Also, you’ll be better equipped to cost-effectively protect your organization and minimize the impact if a breach occurs.
Working with our partners, we’ve developed a unique approach of tying common questions asked by insurance providers with the NIST framework and other standards. This knowledge helps organizations better understand which elements of their cybersecurity strategy they should prioritize optimizing.
If you’re looking to lower your cyber insurance premiums and want the help of a trusted partner, contact us at CAI to discuss if this is a good option for your organization.
- “The Top Cyber Liability Insurance Market Concerns in 2023.” CBIZ, Inc. https://www.cbiz.com/insights/articles/article-details/cyber-liability-insurance-market-concerns. ↩
- “Cost of a Data Breach 2023.” IBM. https://www.ibm.com/reports/data-breach. ↩