Since the onset of the COVID-19 Pandemic, the cybersecurity environment has rapidly transformed. The frequency of incidents and cyber liability insurance claims have multiplied exponentially and continue to grow. Cyber Liability Insurance underwriters are on high alert and have instituted several changes for the renewal process. The process to obtain and retain key coverages has changed considerably. One of the three industries impacted the most by recent claim trends and changes has been Education Institutions and K-12 Schools (in addition to Public Sector and Manufacturing). All organizations should be prepared for increased due diligence, more comprehensive applications and rising premiums.
Cyber liability insurance has been at the top of headlines in recent time due to the ongoing growth of significant ransomware and fraudulent incidents, affecting educational institutions throughout the U.S. If there was any doubt that cybersecurity is not a critical business issue, the past months have taught us this is a problem that can cripple a school’s ability to function. With cases where claims have been paid out in the millions of dollars, we have seen a momentous exit by carriers with remaining carriers reducing capacity and changing terms and conditions.
With all of the chaos in the marketplace from carriers exiting the business, to premiums increasing exponentially, there is hope for those that have taken steps to harden their cybersecurity infrastructure. It is now more important than ever to be able to show through an application (which now is typically on average at least 5-7 pages long, rather than a few questions), that a prospective policyholder is taking the necessary steps to do all that they can to protect against cyber threats. It is now mandatory to confirm that businesses have implemented Multi Factor Authentication (MFA) and encryption of data while at rest and in transit for coverage terms to be offered. As carriers are taking steps to deepen the underwriting process, it is critical to work closely with not only your insurance professional but also to involve qualified third party IT providers.
In order to be prepared for the continuing hardening of the cyber market, K-12 and Educational Institutions can take several steps to prepare for increasing premiums and in some cases difficulty qualifying for cyber insurance. Some of the key steps that can be taken include:
- Start the renewal process early, at least 4 months in advance. This will help if there are certain protocols that can be implemented to improve cybersecurity protocols, increasing the application profile.
- Use a commonly accepted application form to prevent lost time completing multiple carrier applications.
- Work with a qualified IT provider to implement the base standard of protections including Multi Factor Authentication (MFA), Endpoint Detection and Response (EDR), Network Backups, Encryption of Data at Rest and in Transit among other security protocols.
- Construct a narrative to describe the increased awareness that the organization has put forth (ex. Cyber Awareness Training).
- Form a trusted team of advisors including an Insurance Broker and IT Cybersecurity Firm.
If an Educational Institution is able to demonstrate comprehensive, documented policies and procedures along with proper protections and systems in place, there is hope to have a better performance through the renewal process. However, the insurance marketplace is changing rapidly and it is critical to consult with an insurance expert to help manage the renewal process.
Jim Doran, Vice President
Gallagher