What Cyber Insurers Look for When Underwriting Policies

The Underwriting Process is Changing

Cyberattacks remain one of the most critical threats facing public entities and educational institutions across the U.S. There has been no shortage of breaches in recent history as cybercriminals continue to target public institutions.  

As a result, cyber insurance carriers are being increasingly thorough in their reviews when underwriting policies, especially for public entities and schools. Underwriters are looking for evidence that their policyholders are taking adequate steps to stop a breach from happening in the first place and mitigating damages should one occur.  

To acquire adequate coverage at a competitive rate in today’s market, public institutions and schools must prove their cybersecurity preparedness. As an insurance broker that has placed countless cyber policies for our clients, we’re seeing this trend firsthand. Here are five basic steps public entities and schools should take today to demonstrate their cyber defenses:  

1. Train employees to spot phishing attacks: Phishing remains one of the most frequently utilized and effective tactics used by cybercriminals to gain access to an organization’s systems. The best way to prevent it is to train employees on how to identify and thwart the latest phishing schemes. These attacks are evolving rapidly, and ongoing education is essential.  
2. Prioritize regular data backups: Data backups are a lifesaver in the event of a ransomware attack. These data backups must be maintained on a separate system, perhaps with multiple providers, to add an extra layer of security. 
3. Enact strong password protocols: Strong passwords are the first line of defense against a cyberattack. Create password policies that require users to set strong passwords with more characters, upper- and lower-case letters, numbers, and symbols. It is also important to educate employees to never share their passwords and to update them regularly.  
4. Leverage multi-factor authentication: Multi-factor authentication is one of the most effective ways to prevent cybercriminals from accessing private files or systems should they obtain a user’s credentials. It is also simple and easy for employees to implement and use. Multi-factor authentication has become a must for cybersecurity defense strategies across the globe.  
5. Regularly update security systems: Cybersecurity is not something your organization can set and forget. Updating systems and promptly installing security patches is essential to keeping your organization’s system and data safe.  

Don’t Delay

Implementing these security best practices can take time, and it’s important that public entities and schools take steps immediately to demonstrate their cyber defenses. Carriers will not take your word on your cyber preparedness and will be looking for evidence of cyber best practices when underwriting policies.  

Not sure where to start? EHD can help. Reach out to us today for help streamlining this process.