Cyber Insurance and Risk Management

Most cyber policies include some form of pre-loss risk management offerings in addition to the core insurance coverage.

Risk management offerings vary from carrier to carrier but can include:

  • Sample network security and privacy policies
  • Table top exercises
  • Online employee training
  • Threat intelligence and detection tools
  • Vulnerability scanning

Once a cyber insurance policy is in place, the policyholder can avail themselves of these services to enhance their own cyber risk management program. However, surprisingly, very few policyholders ever tap into any of these services. The risk management services being offered are, for the most part, included within premium charged for the cyber insurance policy, or are being offered at a significantly discounted price.

Purchased independently, the overall value of these services can be as much as $30,000. We strongly recommend policyholders take advantage of these pre-loss offerings and try to incorporate them into their overall cybersecurity strategy.

Secure IT

You need to secure your organization’s overall digital profile. Cybercriminals are becoming more sophisticated every day. One way an organization can protect itself against cyber-attacks is by assessing the strength of security features on devices and software they use most frequently.

Cyber insurance can be instrumental in helping organizations conduct this kind of assessment.

The very act of applying for cyber insurance will force the organization to assess all aspects of its network security controls and practices.


Further, the underwriting process will scrutinize the organization’s technical defenses, privacy policies, incident response readiness, business continuity planning, third-party/vendor risk, etc.

Cyber insurers are managing large volumes of claims and incidents daily. As a result, insurers have great insight into terms of most common attack vectors, as well as which security features and practices are working, and which ones are not.

Right now, business email compromise (BEC) is a substantial issue for organizations of all sizes, within all industry verticals. Insurers are urging policyholders to adopt multifactor authentication (MFA). While MFA is not an absolute defense, it creates a substantial hurdle for cybercriminals. MFA is relatively easy to implement and is low in cost.

If you have not implemented MFA already, we suggest you add it to the top of your To-Do-List this month as an additional means of securing your network!

October is National Cybersecurity Awareness Month (NCSAM), a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. Join us in sharing this year’s message to Own IT. Secure IT. Protect IT.

If you have any questions about our cybersecurity insurance program or want to learn more about what we offer, let’s connect.