Cyber Benchmarking:Traditional Benchmarking Doesn't Work in 2022
CYBER CONTROLS DICTATE PRICE & LIMITS AVAILABLE
We surveyed 7 of the most active cyber insurance carriers and asked for their top three cyber security items they look for when underwriting a risk. This chart shows the answers we received more than once.
If you do not appropriately address these minimum-security controls, your price could be 2-3x what a peer would pay who has good controls. And more likely than just paying a premium, you won’t be able to secure the limits you need if you don’t have solid controls.
MFA (Multi-factor Authentication) – layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login
EDR (Endpoint Detection & Response) – integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data
Encrypted Backups – an extra security measure that is used by entities to protect their data in the event that it is stolen, misplaced, or compromised in some way
Open RDP (Remote Desktop Protocol) – enables network administrators to remotely diagnose problems that individual users encounter and gives users remote access to their physical work desktop computers
Email Screening – the screening of emails for threats prior to them reaching their destination
RATES ARE RAPIDLY INCREASING
Rate increases accelerated last year from35% in Q1 to 130% in Q4. Any price benchmarking data that is more than a couple weeks old is going to be irrelevant.
- It’s not about how much coverage your peers purchase or how much you need, it’s about how much you can secure and can afford
- Price is impacted by your individual cyber security controls more than it is by your industry, revenues, or record count
- It is more important to benchmark your cyber security controls against your peers than it is your insurance cost or limits
WHAT WE ARE SEEING IN THE MARKET
- Carriers have reduced their capacity and are no longer willing to provide more than $5M limits on a single risk
- Underwriters are seeing an increase in submissions of 700%+and many quotes come down to the last minute
- If you have poor controls, you likely won’t be able to secure additional limits no matter what you’re willing to pay for them
- Many insurers are limiting their exposure to ransomware, cyber business interruption, and other first party exposures
Talk to us about your cyber risk mitigation strategy.
This material has been prepared for informational purposes only. BRP Group, Inc. and its affiliates, do not provide tax, legal or accounting advice. Please consult with your own tax, legal or accounting professionals before engaging in any transaction.