How can You Reduce Your Cyber Insurance Premiums?

Rising premiums are not due to “unreasonable” insurers.

In fact, they are looking for evidence that your organisation is insurable, said Andrew Lai, Chief Operating Officer of digital insurance broker Anapi, in the face of cyber risk data.

“At this stage, we have enough data to do some direct correlations between the requirements [insurance prospects] are asking for and breaches,” he told DPEX Network.

“Insurers are realising what they actually need to see to make sure that you are of insurable risk, and who are the clients with bad cyber risk posture that cannot be insured.”

This has led to increased documentation required for the underwriting process, and rising premiums that some observers believe is unsustainable.

Get our free guide on Preparing for a Data Breach with the help of a data protection management tool. Log in as a DPEX Network member (sign-up is free) to download.

Premiums expected to keep rising

Lai has observed that in 2022, cyber insurance premiums have been increasing and they are expected to continue to increase in 2023.

Documentation is also getting more technical, the forms and underwriting requirements are getting larger and more sophisticated.

“Although insurers are asking for a lot of documentation, especially for clients who are SaaS (Software-as-a-Service) providers or dealing with sensitive data, they are open to having a discussion about how you can meet these requirements,” he said.

Some of the key factors that determine the quotations of insurance premiums include an organisation’s sector, the types of personal data they handle, and the data protection and cybersecurity posture of the organisation.

Get our free Data Protection Impact Assessment (DPIA) Cheat Sheet. Log in as a DPEX Network member (sign-up is free) to download.

Insurers are not unreasonable

In the last one year, Lai has seen premiums stabilise for SME clients with proper risk management – and the documentation to prove it.

“In some cases, it may even be possible to get a lower premium if you can show the insurers that you are in a low-risk sector and you have proper risk management to contain a cyber breach,” he said.

“We have also seen a premium increase of 20% to 100% for clients in high-risk areas; for example, those handling medical data, financial data, [coupled with the fact that they are] lacking proper risk management processes.”

Having said that, he added that “insurers are not unreasonable.”

“If you can give them a good reason why, and they believe the reason is valid, they will accept how you defend your clients' personal data [and adjust premiums accordingly].”

Stay tuned for our upcoming webinars and events on data governance by following us on Facebook and Linkedin.

How you can get affordable premiums

For starters, take your stakeholders’ data seriously, Lai advised. This could be implementing security controls such as staff training, multi-factor authentication and regular data backups.

“[In Singapore] the market for clients who are actually taking their cybersecurity seriously, is actually flat. You can even get a reduction of your premium. There are a few new insurers in the market and they are aggressive in getting clients to have good processes to hedge cyber risk.”

Conversely, organisations that don't take a serious view and don't have a lot of processes to safeguard data will see premiums quoted for them keep escalating.

“We've also seen that insurers are now more sophisticated. In the past it was really just ticking a checkbox. But in the last year and going forward, insurers can accept that you may not have a certain process, if you can show them that you don't need it because of other better risk management measures.

“They will accept it and sometimes may even give you a lower premium.”