Insurance coverage

Are you buying too much cyber insurance coverage? Use CRQ to discover

As major ransomware attacks make headlines and cybercriminals continually come up with new ways to attack, businesses are looking for ways to protect themselves. In addition to strengthening cybersecurity practices and adding new technologies, this protection increasingly involves the purchase of cyber insurance policies.

As the US Government Accountability Office (GAO) Findingsthe number of insurance customers who purchased cyber insurance increased from 26% in 2016 to 47% in 2020.

However, having a cyber insurance policy does not automatically mean that you are sufficiently protected. You may have gaps in your coverage that could still expose you to financial losses. This may be because the terms and limits of your current policy do not match your current risk levels. Or, your insurer could also be under pressure and could start making changes such as premiums or introducing exclusions.

Large-scale attacks, such as last year’s Colonial Pipeline ransomware attack, which caused short-lived gasoline shortages in the southeastern United States, have highlighted the potential for damage financial disasters. As a result, insurers are beginning to take steps to limit their exposure to these losses,” notes the GAO.

Rather than hoping for the best with your cyber insurance policy and assuming you’ll be covered for any cyber losses that might arise, you can take control with cyber risk quantification (CRQ). This can help you identify gaps in your existing coverage, analyze other insurance options, and identify areas to improve your cybersecurity posture.

How the CRQ helps you assess your cyber insurance policy

To understand how the CRQ helps you assess your cyber insurance policy, it is important to first understand what cyber risk quantification entails.

CRQ is financially quantifying your cyber risk. In other words, you can see how different impact scenarios would lead to financial losses.

For example, you can compare the cost of business interruption caused by a 1% chance event (i.e. an event that occurs on average once every 100 years) against the cost ransomware/extortion due to a 10% chance event.

So, by performing a CRQ, you can compare the potential losses to the limits of the cyber insurance policy. You may find that you have enough coverage for a 5% event per year, but a 1% event could cost you millions of dollars.

Although these more extreme losses are not as common by definition, you have to ask yourself if you would be comfortable with this risk. Just as a homeowner may purchase earthquake insurance hoping that a major event will never occur in their lifetime, a business may prefer to limit its financial exposure by purchasing a policy with higher limits.

But unless you do a CRQ to find out what different scenarios might translate to in financial terms, you won’t know what insurance coverage you need.

Insurance companies want you to have strong cybersecurity

Another way CRQ helps you with cyber insurance coverage is to map how different cyber security controls might affect your financial risk. For example, upgrading your cloud security could reduce your financial exposure more than focusing on email security, depending on your situation.

Knowing this, you can then more easily prioritize cybersecurity investments and strategies. Not only can this help strengthen your cybersecurity, but it can also help you get the right insurance coverage.

That’s because insurers want you to show that you’re cybersecurity savvy. If you don’t have sufficient checks, an insurer might not want to extend coverage, or at least not provide the terms you are looking for.

“The demand for cyber insurance is currently growing more steadily than the capacity offered”, ratings insurer Munich Re. “In order to future-proof cyber insurance, applicants must provide proof of their security standards.”

With CRQ, you can determine where to focus your cybersecurity efforts to make your business an attractive candidate for a quality cyber insurance policy. Also, if you can reduce your financial risk, you may be able to save money on your policy.

Kovrr can help you get better cyber coverage

By perform a financial quantification cyber risk, Kovrr can help your business assess your cyber insurance policy and improve your coverage.

Additionally, Kovrr compares your insurance terms and conditions to industry peers and provides recommendations for different cyber insurance options that match your risk profile.

Plus, by providing information about your cyber risk and helping you understand how to fill the gaps, we can help you get a better rate on your cyber insurance policy. We will provide you with a full CRQ report which you can take to your insurer to negotiate better terms.

Get started today by viewing a sample CRQ report Where Get better coverage at a better rate on your cyber insurance policy.