Ten Underwriting Factors Influencing Cyber Premiums

In today's digital landscape, cyber threats pose significant risks to organisations of all sizes and industries. However, securing insurance coverage involves more than just applying for a policy; underwriters meticulously assess various factors to determine risk levels and premiums. By understanding these factors and implementing proactive measures, businesses can enhance their cybersecurity posture, be better prepared for underwriting evaluations, and ultimately safeguard their operations against evolving cyber threats.

Below are common underwriting factors that can influence premiums:

1. Business Size and Industry: The size of the organisation and its industry can influence risk levels. Certain sectors, like healthcare, finance and government, may face higher risks due to sensitive data.

How to prepare: Conduct a risk assessment tailored to your industry to understand specific threats. Stay informed about industry trends and cyber incidents affecting similar businesses.

2. Data Sensitivity: The type and volume of sensitive data the company handles, such as personally identifiable information (PII) or payment information.

How to prepare: Implement data classification schemes to identify and protect sensitive information. Regularly audit data handling practices to ensure compliance with best practices.

3. Cybersecurity Measures: Existing security protocols, such as firewalls, encryption, access controls, tested backups, and employee training programs.

How to prepare: Invest in critical cyber security controls including multi-factor authentication, patching applications and operating systems, regular backups and Endpoint Detection and Response. Regularly update and patch systems to mitigate vulnerabilities, and conduct cybersecurity awareness training and phishing testing with employees.

Other cyber mitigation strategies include:

• patch applications

• patch operating systems

• multi-factor authentication

• restrict administrative privileges

• application control

• restrict Microsoft Office macros

• user application hardening

• regular backups

• end-of-life systems are replaced or protected

4. Incident History: Previous cyber incidents, breaches, or claims can impact underwriting decisions.

How to prepare: Conduct post-incident reviews to learn from any past breaches. Use findings to strengthen defences and update policies accordingly.

5. Regulatory Compliance: Adherence to relevant regulations and standards (such as the NZ Privacy Act 2020 and OAIC) can affect risk assessments.

How to prepare: Stay informed about applicable regulations and ensure compliance through regular audits. Consider hiring a compliance officer or consultant if needed.

6. Third-Party Risk: Risks associated with vendors and partners, including their cybersecurity practices.

How to prepare: Assess the cybersecurity practices of vendors and partners. Implement contractual obligations for cybersecurity standards and conduct regular assessments of third-party risk.

7. Incident Response Plan: The existence and effectiveness of a formal incident response plan can indicate preparedness.

How to prepare: Develop and regularly test a formal incident response plan. Ensure all employees are trained on their roles in the event of a cyber incident.

8. Network Infrastructure: The robustness of the organisation's IT infrastructure and any potential vulnerabilities.

How to prepare: Conduct regular vulnerability assessments and penetration testing to identify weaknesses. Segment networks to limit the spread of potential breaches.

9. Employee Awareness and Training: Regular cybersecurity training for employees can reduce risk exposure.

How to prepare: Implement ongoing cybersecurity training programs that include phishing simulations and best practices. Foster a culture of security awareness within the organisation.

10. Business Continuity Plans: Plans in place for maintaining operations during a cyber incident can mitigate risk.

How to prepare: Create and regularly update a business continuity plan that includes cyber incident scenarios. Conduct drills to ensure staff are familiar with emergency procedures.

By analysing these factors, underwriters aim to gauge the likelihood and potential impact of a cyber event on the business. At Delta, our underwriters use cyber risk management tools to help insureds build their cyber resilience and be in the best position to ensure effective coverage and premium.

Contact one of our Delta underwriters today to discuss how we can help you and your clients.