5 factors contributing to company cyber risks

Conducting a risk assessment can help companies lower their cyber insurance premiums as threats increase.

Negotiating insurance premiums and risk coverage with cyber insurers requires organizations to present tangible data that demonstrate compliance with cybersecurity standards and effectiveness. (Photo: Miha Creative/Adobe Stock)

Cybersecurity concerns have moved well beyond the offices of security teams and have now entered leadership meetings and boardroom discussions. Cyber is rated as the number one business risk facing industries today according to a PwC survey. As hacking, cyberattacks and data breaches escalate, more and more companies are looking to insure themselves against a cyber catastrophe and secure themselves financially. But obtaining cyber insurance is known to be difficult and more expensive today than it was ever before. If cyberattacks continue to escalate as they have been, chances are that premiums will ride shotgun and follow suit.

That said, there are cyber strategies insurers and organizations can follow to improve their eligibility for cyber insurance, agree to more favorable terms, lower premiums, and maximize the value they can receive from their cyber policy. But before we move on to those things, we must first understand the main factors contributing to cyber risk.

5 major factors contribute to cyber risk

Cyber risk evolves constantly, owing to rapid changes in technology, connectivity and the overall threat landscape. Here are five main factors contributing to cyber risk:

Insurance premium and coverage Is directly proportional to cyber risk

Just as an individual’s age, underlying health conditions and history of ailments have a direct impact on their insurance premium, the degree of cyber risks present in the business and the levels of demonstrable defenses it has in place has a direct relation to cyber insurance premiums.

In other words, the greater the cyber risk, the greater the insurance cost. Conversely, the better your security defense, the cheaper your cyber insurance premium and the better your coverage terms.

Keeping risk in check is key to reducing premiums and settlements

Given the challenging market conditions for cyber insurance, it is advisable that businesses undergo a thorough cyber risk assessment to identify weak spots and implement security controls immediately to reduce risk factors.

Studies indicate there is no stand-out priority area for insurers and that insurers expect organizations to implement security across the board. There are a range of security assessments and audits all organizations should consider:

It is also advisable that organizations run penetration tests to test defenses against real-world attack scenarios.

To summarize, negotiating insurance premiums and risk coverage with cyber insurers requires organizations to present tangible data that demonstrate compliance with cybersecurity standards and effectiveness.

Risk assessments can serve as a great tool for supplying evidence to insurers that the organization is high on cybersecurity maturity and low on cyber risk.

Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional onsite services with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank. Towerwall focuses exclusively on providing small to mid-size businesses customized cybersecurity technology programs. Reach her at michelled@towerwall.com.

Related: