Which clients are cyber underwriters favouring?

Recent loss ratio data suggests the hard market in cyber insurance has plateaued. In part, that’s due to underwriters being more discriminating about which risks they select for coverage.

“Insurance companies have rightsized their books. They know which clients they want, which clients they don’t want, and now they’re doubling down on the good clients,” Ilan Serman, president of Ontario at Gallagher Canada, told CU.

But what are clients doing to get themselves into cyber underwriters’ good graces?

Insurers are looking for Canadian companies that have invested time and money into implementing preventative cyber loss control measures.

Such best practices will always be amorphous, as cybercriminals find a way to defeat them. However, most recently, they include employee training, password protection policies, network infrastructure patches and software upkeep.

And server backups are crucial.

“In a ransomware scenario, it’s critical to have those backups in place to get yourself back up and running,” said Katie Andruchow, senior vice president and national cyber broking practice leader at Aon Canada.

“If you have good backups, you can say, ‘Okay, you have blocked me out of that system. But I can come up with a secondary system and get up and working,’” added Serman.

But while backups may be necessary, they aren’t sufficient.

“What we’re finding now is that by the time you know you’ve had a cyber event, the bad actors have likely been in your system for three-to-six months,” Serman noted. “So, there is a good chance that by the time they’re in there, your backup is potentially infected or infiltrated.”

That’s why it’s critical to encrypt the information in your backup system, said Jessica Visser, partnership development lead for the MGA portfolio at Sovereign General.

“From a cybersecurity perspective, the point of backups is to protect yourself from a ransomware event. But hackers know that; they could be in there for months and they wait until the backups are also infected with whatever malware is being used,” she said.

“You have to get ahead of the game. The answer is encrypting your backups. They have to be encrypted and segregated.”

Another fundamental control, which emanated from the social engineering attacks seen during the pandemic, is two-factor authorization.

“There’s been an enormous amount of social engineering fraud, in which [cybercriminals] imitate people. They read your emails and they send you an email that looks like it’s from your CFO or the owner telling you to send money,” Serman said.

“Multi-factor authorization means you can’t rely just on that email. You actually have to speak to that person and add a phone number that you recognize. So, multi-factor authorization is big. And, if you don’t have that, it is becoming increasingly difficult to get cyber insurance at all. That’s almost entry-level now.”

This story is excerpted from one that appeared in the August-September print edition of Canadian Underwriter. Feature image by iStock.com/lovenimo