By Tim Kolacz
In the land of insurance, typically about once a year, one of the main lines of business goes hog wild, nukes itself, and companies are not prepared for what happens. This past 24 months it has been Umbrella/Excess coverage that has gone batcrap crazy. Typical increases have been 35% and as high as 200%. If you have received anything under 30%, there should have been no questions asked as that was amazing and take it and run.
In the first few weeks of 2022, the tide has changed on Cyber Liability coverage.
For the past several years, Cyber coverage has gotten much better. The coverage parts have expanded and the premiums have gone down dramatically. 8 years ago, you’d get 3 coverage parts, multiple sublimits, and the premiums were $18,000– $20,000. The past several years, you’ve had 8 coverage parts, fewer sublimits, additional items like Social Engineering, meaning you could push the button on a scam transfer, and you still had coverage.
Nope, not anymore.
Within the past 7 days, I have received two different non-renewal notices due to the carrier wanting to now have the client provide MFA for all of their employee computers. MFA is Multi-Factor Authentication. This is the text message you get when you login to your computer system and it wants to make sure that it’s you logging in. Most companies don’t have this.
I know a big giant company that is in the business of providing insurance to businesses and personal home and auto that just implemented this within the past 45 days. There are other big giant companies that don’t have it. As of today, I have 15 Cyber Liability insurance carriers that are refusing to quote the coverage if you do not have MFA in place. Additionally, they also need to have the company in question have a plan about how often their data is backed up. On top of that, the carrier is wanting you to be triple redundant. Redundant. Redundant.
So here we go. Buckle in. Call IT, or your new IT company as your current one may not have what you need. So, here’s what you need to do to not only be able to get Cyber coverage, but to also get it at a reasonable rate:
- Institute MFA right away
- Typically, it will take a couple of weeks based on your data, where it is now, and how many employees are running around
- This includes all remote and direct system admin access points
- Institute a specific backup plan for all of your data
- Best if it is off site as well
- Have Endpoint Detection and Response software on your system
- The IT people will give you a much better idea of what this is. I would screw up the explanation
- Have the IT company do a test of your system so that it can be determined what your vulnerabilities are
- Unless you have all of the above already, you have them, trust me
If you think this is meant to scare you, you are a smart cookie. This is happening now and it’s gonna be ugly for the next 12 months. Premiums will increase about 20% with all of this in place; they will jump 400% if you don’t and that’s if you can get it without.
The reality is that it will be less expensive to put this in place now and then two things will happen. You will be less vulnerable to attack and there is limited chance of coverage interruption for your company.
Tim Kolacz is a Property and Casualty broker for HUB International. He can be reached at [email protected] and at 714-922-4234