Cyber Insurance Threats and Underwriting Requirements


Cyber insurance premiums are continuing to rise drastically in 2022. Insureds have seen premium increases from 50% to 400%. Premiums have increased due to a spike in claim frequency and severity. In the last 18 months, there have been many cyber breaches, but three stand out: SolarWinds, Microsoft Exchange and Log4j. It is estimated that these three breaches have affected over 250,000 servers worldwide.

SolarWinds develops software for businesses to help manage their networks, systems, and information technology infrastructure. In 2020, hackers accessed SolarWinds' systems and added malicious code to the company's Orion software. SolarWinds unknowingly sent out software updates to its customers that included the infected software. It is estimated that 18,000 customers downloaded the infected Orion update.

Microsoft Exchange is an email server that runs on Windows Server operating systems. Exchange uses Microsoft Outlook, which can connect to and manage email from a variety of sources. In early 2021, it was discovered that Microsoft Exchange servers had been infected by attackers, giving them full access to emails and passwords on affected servers. Approximately 30,000 US companies were affected by the infected Microsoft Exchange servers.

Log4j is a popular library for logging data in Java applications. Practically every organization that uses Java uses Log4j and has been affected by the Log4Shell vulnerability. Near the end of 2021, it was reported that hackers had launched over a million attacks on companies in less than a week.

The Log4j vulnerability enables a remote attacker to take control of a device and then download all valuable and sensitive data. Cybersecurity company Tenable Inc. considers Log4j “The single biggest, most critical vulnerability of the last decade”.

When cyber underwriters review a submission to consider quoting, they will want to know if the major breaches outlined above have affected the insured applying for cyber insurance. The underwriter will also ask if the insured has a Security Operations Center (SOC). A SOC is a centralized function within an organization in which people, processes, and technology constantly monitor and improve the organization's security posture. The SOC also works towards preventing, detecting, analyzing, and responding to cybersecurity incidents.

The cyber underwriter will also want to know if the insured has appropriate security protocols in place that ensure their data systems are resilient to a cyber breach. The underwriter will specifically ask if the insured employs the following six cybersecurity risk mitigation strategies.

Six Cyber Protection Protocols to Help Insureds

Multi-Factor Authentication — Multi-Factor Authentication (MFA) is an additional layer of security used to authenticate a user, such as a thumbprint or a unique code that is sent to their phone by text message, before they are allowed access. If an applicant does not have MFA, it is an automatic declination by most cyber insurance underwriters.

Endpoint Detection and Response — Cyber insurance underwriters require that businesses use endpoint detection and response (EDR). These solutions are designed to detect and respond to endpoint anomalies. They are not designed to replace Intrusion Detection and Prevention Systems (IDPS) solutions. EDR solutions provide in-depth endpoint visibility and analysis.

Remote Desktop Protocol (RDP) ports — RDP ports are considered a preferred target of hackers. RDP ports allow remote workers to access their office desktop and the company database offsite. Hackers have developed methods of identifying and exploiting vulnerable RDP ports to steal identities and login credentials, as well as to install and launch ransomware attacks. It is recommended that unused RDP ports be closed, and that the ones in use be protected with multi-factor authentication.

Back up data frequently and securely. Data backup is a practice that is essential if a company falls victim to a breach. Data backup involves copying data to one or more locations at pre-determined frequencies. A preferred process is to store data segregated from the main network, and even offline in an offsite location. A good backup process can facilitate the recovery of data from malicious attacks.

Data management strategy — The Data Management Strategy (DMS) is the process of creating strategies and plans for handling the data created, stored and processed by an organization. It is considered an IT governance process that aims to create and implement a well-planned approach to managing an organization’s data assets.

Business Continuity Plan — A Business Continuity Plan (BCP) is another underwriting requirement for cyber insurance. A BCP is a document that outlines how a business will continue operating during an unplanned disruption in service. The plan needs to account for the impact on IT-dependent functions like the organization’s website, social media accounts, and shared and restricted network drives—and all the valuable information stored within. It also needs to identify all critical IT processes, data, and locations that support the organization’s revenue, customer information and trade secrets.

From the above six risk mitigation strategies, you can see that insureds need to take a proactive approach to their cyber security and to protecting their data. By doing so, they will become a more attractive risk to cyber underwriters, making it easier for a first-time buyer to procure cyber insurance or for an existing insured to mitigate the renewal results in these difficult times.


About the Author

Dan Vecchio is the Management Liability Practice Leader for Founders Professional. Dan helps retail insurance agents across the country place their distressed management liability and cyber liability insurance risks for businesses of all sizes across a multitude of industries.

