10 tips to lower your cyber insurance premium » CBIA

The following article was originally published in Whittlesey’s Insight. Reprinted here with permission.

As time goes on, businesses and non-profit organizations are increasingly exposed to cyberattacks.

Even one incident can have serious consequences. In fact, the average cost of a data breach is over $4 million.

For small and medium-sized organizations, costs typically average $500,000. Unfortunately, the cybercrime industry is estimated to be worth over $10 trillion by 2025.

Insurers have recently become tougher on future and current cyber policyholders if they are not adequately protecting themselves from cyber threats.

For example, insurers are performing vulnerability scans on customer networks and requiring certain controls, such as multi-factor authentication, before issuing policies. Answers to IT and cyber surveys now influence insurance premiums.

Fortunately, you can take steps to reduce your cyber insurance costs and get the most out of your policies.

Before you buy insurance, let’s take a quick look at how you can significantly reduce your cyber insurance rates.

Multi-factor authentication

One of the best ways to reduce your cyber insurance costs is to implement multi-factor authentication for all your accounts.

MFA adds another layer of security by requiring users to confirm their identity with two or more factors, such as a password and a code sent to their mobile phone.

It’s a simple process, but one of the more effective controls for protecting sensitive information and systems.

Password manager

Another great way to cut your cyber insurance costs is to use a password manager. A password manager helps you create strong, unique passwords for all your accounts and store them in a safe place.

This eliminates the need to remember all your passwords and ensures that all passwords are strong and unique.

In today’s environment of many passwords, this has the side benefit of making life easier and reducing the frustration of forgotten passwords.

Another important benefit for businesses is that staff can use passwords to log in without having to verify them. This reduces the hassle of offboarding: the many systems a former employee had access to do not each need a password change.

Employee training

Studies show that more than 90% of security breaches are caused by human error. That’s why security awareness training is so important to minimize risk.

A security awareness training program helps employees learn how to spot phishing emails, create strong passwords, and keep personal information safe.

The better your employees protect sensitive data, the less risk they pose to insurance companies.

In 2022, we consider this a mandatory standard practice, and it should be part of your security program for that program to be complete.

Software updates

Updating your software regularly is something that cannot be overlooked. Software updates often contain security patches that help protect your system from new threats.

Make sure you have an automated and monitored patch management system that covers operating systems, third-party applications, and network devices (such as firewalls).

Also, cybercriminals mainly target companies that do not keep their systems up to date.

Cybersecurity tools

Another important step you can take is to invest in cybersecurity tools. A variety of tools help protect systems and data, including firewalls, antivirus software, application whitelisting software, intrusion detection/prevention systems, and, of rapidly growing importance, managed detection and response systems.

Talk to a cybersecurity expert to choose the right set of tools to give you the security you need.

Response plan

An incident response plan is another important part of your security program.

A response plan outlines what to do in the event of a breach or attack.

Planning can help limit the damage and minimize the impact and cost of an attack.

Continuity plan, image-based backup solutions

A business continuity plan (BCP) and a disaster recovery plan (DRP) are not only essential elements of your security program; creating them also helps ensure that you have a viable recovery plan and recovery systems.

With the right BCP and DRP in place, you can restore your systems and data and get your business back up and running quickly in the event of a breach or attack.

Make sure you are also using the latest backup technology.

In 2022, this means utilizing image-based backups, which archive entire images of servers and computers for the fastest and most complete recovery.

These systems require local and cloud components for optimal protection.

Monitor the system

System monitoring can identify potential threats and vulnerabilities and detect when a control system goes offline.

Keep an eye on your logs and activity so you can quickly identify any unusual situations.

Active monitoring can go a long way in preventing small problems from turning into big ones.

In some cases, this can be the difference between dealing with the threat quickly or suffering huge financial losses, legal complications, etc.

Hire an expert

Working with a cybersecurity expert helps you assess risks, implement security controls, and develop response plans.

Leveraging their expertise will help you avoid costly mistakes and keep your system as secure as possible.

This is especially important when you don’t have in-house resources dedicated to cybersecurity.


As you can imagine, being proactive is one of the best ways to lower your cyber insurance premiums and prevent unexpected expenses.

Taking steps to mitigate risk now can not only lower your premiums, but also reduce the likelihood of future claims impacting your rates.

This saves you money both in terms of premiums and deductibles.

Lowering your cyber insurance premium may not seem easy at first, but it’s easier than you think.

Before you buy cyber insurance, be sure to address the guidelines above.

About the author: Chris Wisneski is the IT Security and Assurance Services Manager for Whittlesey’s Hartford office. He has over 20 years of experience in information technology, with a specialization in cybersecurity.
