Cyber Insurance: Expensive and Hard to Obtain

May 31, 2022

Cyber insurance is a hot topic. It's difficult to obtain coverage with new security measures. Get tips on how to stay covered!

Cyber Insurance: Expensive and Hard to Obtain

Cyber insurance has quickly become a hot topic. We’re seeing record rate increases. It’s also more difficult to obtain coverage as carriers require new security measures. Yet cyber insurance is something every business owner needs to seriously consider.

Here are tips on how to get and stay covered – even if you’re a small business.

Rates Rising 15% to 50%

According to the most recent Council’s Commercial Property/Casualty Market Index, the cyber market had a record increase of 34.3% in the last quarter of 2021. This was “the first time since the post-9/11 hard market where a line of business had an increase of over 30%.” Predictions for further increases this year are wide-ranging – from 15% to 50%!

The Miller Group also shed some light on this trend in a previous blog about preparing for property and casualty increases in 2022: “Cyber insurance has historically been under-priced because it was new and had relatively few users. Lack of historical data and claims kept premiums low. But the number of ransomware, phishing and social engineering attacks have skyrocketed, and payouts are going up accordingly.”

More Minimum Requirements for Coverage

Rates are affected somewhat by the rigor of security you’ve established. We’ve seen rate differentials of 100% to 300% for organizations that don’t have strong controls in place. Most underwriters won’t even give you a quote or renew your coverage if you don’t have multi-factor authentication and automated backups in place.

  • Multi-factor authentication or MFA requires users to provide two or more credentials before accessing your data. For example, in addition to providing a username and password, you may require them to enter a one-time access code provided via a text message, a telephone call or an authentication app. According to, 81% of data breaches in recent years can be attributed to password compromises.
  • Automated nightly server backups can ensure you’re back in business within 10 days or less.

In addition, you may be required to have an endpoint detection and response system. This is a security system that detects and investigates suspicious activities on hosts and endpoints (also known as connection points) that enables your security team to quickly identify and respond to threats. Well-documented employee training on phishing also can be essential.

Don’t Wait to Put Security Controls in Place

If you don’t have security controls in place, now is the time to begin adding them. We have seen insurance carriers lower coverage amounts or even deny coverage altogether if MFA and other controls are not in place.

Adding MFA can be quick, or it could take six months or more, depending on your organization and your internal capabilities and complexities. If you need help, The Miller Group can connect you with someone to assess your current security controls.

Yes, YOU Need Cyber Insurance

Based on the type of business you’re running, you may think cyber insurance isn’t necessary. For example, manufacturing companies often feel they don’t need coverage. But with the level of automation in manufacturing right now, they are exposed to cyber risk, too. Any system that connects you to others is a gateway for an invasion that can halt your business and cause production losses.

The size of your company doesn’t matter either. Even small nonprofits can be thrown into turmoil due to hacking. One of our small nonprofit clients was a victim of ransomware and never got their data back.

Don’t Rely 100% on Third-Party Vendors

Third-party IT vendors can be invaluable partners in securing your systems. But be sure to do your due diligence. Don’t assume they are taking care of all your cyber security needs or that their coverage will protect you. You must have your own coverage in place.

Needless to say, this is a topic that keeps us up at night. It represents such a huge exposure, and many businesses are vulnerable today. We hope this information raises your awareness of your potential risk and inspires you to take a few extra steps to make sure you’re covered.

About The Author

Surina McConnaughey, CLCS, CPRIA

Surina McConnaughey, CLCS, CPRIA
Email As Account Executive, Property & Casualty, Surina has more than eight years of experience in property and casualty insurance. Surina is responsible for advice and analysis of commercial coverage, exposure review, carrier relationships and market conditions. She specializes in the nonprofit division and takes an active role in ensuring overall client satisfaction.