Over the past six months, we have held numerous discussions with medium-sized organisations of various sizes that would like to take out new cybersecurity insurance or adapt existing policies. The message we heard consistently is that it is becoming increasingly difficult to obtain affordable policies at all. Many insurers now consider insurance against cybersecurity risks a high-risk policy, and as a result they are continuously tightening the conditions and requirements under which risks in this area can be insured.
We have derived the following core challenges from the above-mentioned discussions:
For companies that want to insure themselves against cybersecurity risks, the question arises: how should they deal with these challenges? We recommend proactively developing an awareness of your own risks even before the first discussions with potential insurers or brokers. The best way to do this is with a methodical approach to managing information security. The international standard ISO 27001 describes a management system for this and is well suited to addressing the challenges mentioned. With its risk-based approach, the points mentioned above can be addressed proactively – regardless of whether or not the organisation opts for formal certification. However, we believe that a certificate from an accredited certification body is likely to become a prerequisite for ensuring that cybersecurity risks remain insurable.
Is your company also facing the challenge of taking out appropriate insurance? We would be happy to arrange a free initial consultation on the subject of information security.