Cybersecurity insurance can be affordable

With a stronger cybersecurity posture because of a maturity assessment, remediation roadmap, and best practice implementation, you’ll be better protected against cyber threats, and insurance companies will see you as lower risk.

Rising threats mean rising cybersecurity insurance premiums

Cybersecurity insurance has gone through many changes since its inception. As the threat landscape continues to evolve, so does cybersecurity insurance pricing. Policyholders experienced higher cyber insurance rates in 2022—according to CBIZ, an industry-leading financial and benefits insurance provider, some insurance customers with unique exposures or lacking loss control measures were hit with 50–100% rate increases [1]. And along with these rate increases, many policyholders also experienced coverage restrictions—leading some to wonder if cybersecurity insurance is something that local governments can even consider. But with the average cost of a breach being $4.45 million [2] and increasing, these organizations can be in a difficult position. While premiums may feel like a cost they cannot afford, if they are breached without insurance, they have minimal to no protection.

Minimize your cyber insurance premium

Cybersecurity insurance helps your organization respond to and recover from the financial implications of a cyberattack. Cyber insurance can help offset the costs of repairing systems, engaging experts, paying fines, recovering data, managing day-to-day disruptions, and more. With rising threats and an increasingly complex threat landscape, this has become more important than ever.

Insurance costs have risen due to the severity of cyberattacks. And while several factors impact your insurance premiums, organizations can take steps to minimize the impact of a breach. Your organization’s risk is measured by your cybersecurity maturity posture, which insurance companies use questionnaires to determine. The higher the level of maturity, the lower the risk to the insurance company. Taking preemptive measures to strengthen your posture can make you a stronger candidate for insurance, lowering your cost while keeping you protected. And even if a cyberattack does occur, your higher maturity posture will make your organization more resilient and reduce the impact.

While many experts point out preventative measures you can take to achieve this, the tasks can seem overwhelming. The best way to determine your options for cyber insurance is to partner with your insurance broker as well as a trusted cybersecurity advisor. From there, you can consider different scenarios and understand your organization’s maturity.

Understand your organization’s cybersecurity maturity

A cybersecurity maturity assessment will show your organization’s current risk and exposure. This, followed by improvement recommendations, can help provide a path to a better posture for your organization.

At CAI, we use the 6 functions from the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 when measuring cyber maturity:

  1. Identification—An organization’s ability to understand and recognize the cybersecurity risks to systems, assets, data, and capabilities
  2. Governance—Emphasizing that senior executives and the board of directors have the responsibility for managing cybersecurity risks as part of the organization's overall risk management strategy
  3. Protection—Developing and implementing the appropriate safeguards to ensure the delivery of services
  4. Detection—Identifying a cybersecurity occurrence or threat
  5. Response—Developing and implementing the appropriate actions regarding a cybersecurity occurrence or threat
  6. Recovery—Deploying the appropriate activities to maintain resilience and to restore capabilities that were impaired due to a cybersecurity event

We consider each factor on its own and in relation to the other factors. The diagram below is an example of a maturity assessment we would provide to a partner organization that scores each element based on our criteria.

Figure 1: An overview of the 6 elements of cyber maturity - govern, identify, protect, detect, respond, and recover - and how they can be measured and improved over time.

After your organization undergoes a maturity assessment, work with a trusted cybersecurity partner to develop a plan for improving your overall cybersecurity maturity over time. This plan is called a remediation roadmap; it provides a realistic approach to addressing gaps and improving your cybersecurity maturity. It is a key element of reducing your risk and improving your opportunities for lower insurance premiums. CAI scores your organization on 5 levels:

Level 1—The means to manage and organize processes are in development. Results are unpredictable and reactive.

Level 2—Repeatable and consistent processes. Projects are planned, performed, measured, and controlled.

Level 3—Further defined, repeatable processes are more proactive than reactive. Organization-wide standards provide guidance.

Level 4—The ability to measure and control processes quantitatively. The organization is data-driven with performance improvement objectives.

Level 5—Stable and flexible optimized processes. Focus on continuous improvement and designed to respond to opportunity and change.

Our goal is to help organizations reach a level 3 or better in all areas. The appropriate maturity level is based on the risks to the organization and the impact if breached or compromised.

Figure 2: An overview of the 5 stages of cybersecurity maturity as defined by NIST and CAI.

With a stronger cybersecurity posture because of a maturity assessment, remediation roadmap, and best practice implementation, you’ll be better protected against cyber threats, and insurance companies will see you as a lower risk. Your premiums will be lower and you’ll feel more secure as an organization.

Get started with a maturity assessment

Selecting the right broker and cybersecurity advisor will help you navigate this challenging path. With the right approach, you’ll feel the benefits of both a stronger cybersecurity posture and more affordable insurance rates. Also, you’ll be better equipped to cost-effectively protect your organization and minimize the impact if a breach occurs.

Working with our partners, we’ve developed a unique approach of tying common questions asked by insurance providers with the NIST framework and other standards. This knowledge helps organizations better understand which elements of their cybersecurity strategy they should prioritize optimizing.

If you’re looking to lower your cyber insurance premiums and want the help of a trusted partner, contact us at CAI to discuss if this is a good option for your organization.


  1. “The Top Cyber Liability Insurance Market Concerns in 2023.” CBIZ, Inc.
  2. “Cost of a Data Breach 2023.” IBM.
