Cybersecurity insurance matters for everyone

In 2023, cyber risks are among the most critical external risks threatening your business. To help protect you against losses caused by a cyberattack, we offered you a webinar on the challenges of cybersecurity insurance.
In this article, we look at why it is vital to opt for cybersecurity insurance and at the current state of the cyber insurance market. We then cover what cyber insurance covers and the prerequisites to access it.
 

Why do we need cybersecurity insurance 

Cyber risks are at the heart of any company’s risk transfer strategy. As this graph shows, the main causes of losses among SMEs are human error, phishing, fraudulent emails, hacking, and ransomware, the last being the highest with a 264M loss (NetDiligence, 2021).

These CHUBB graphs show the growth in incidents compared to 2012 for the manufacturing industry, professional services, and companies with revenues of less than $25 million. Unsurprisingly, these curves show that the pandemic was the gateway for cyberattacks. Since then, even though the number of attacks has decreased, they have remained no less significant year after year.

In this context, cybersecurity insurance ensures the sustainability of the company in the event of a disaster and loss of turnover. You should know that cybersecurity insurance covers a wide spectrum of events such as:

  • Technical incidents,
  • Human errors,
  • Fines and ransoms,
  • Damage caused by malware.

Insurance will cover many costs and financial damages caused by this type of incident.

It is important to note that a cyberattack costs the victim organization $1.67 million on average (source: Global Application and Network Security). Moreover, the consequences are not limited to a financial cost. On average, organizations report 24 days of downtime after experiencing a cyberattack, as reported in the Coveware report.

In addition, it is essential to take into account the legal implications that have appeared in the Quebec landscape since 2022 following the implementation of Bill 25 for the protection of personal information. The sanctions provided for by Law 25 can considerably increase the cost of a cyberattack. To learn more about this law and its impact, we invite you to consult our webinars on the subject: Law 25 phase 1 and Law 25 phase 2.

Insurance covers many costs and financial damages caused by the incident. Support covers a broad spectrum of events, from technical incidents to human errors, fines, ransoms and malware.

In addition, to be supported during and after the incident, cybersecurity insurance offers the expertise of a dedicated team including IT experts, legal experts and communications experts. This team is here to help you in every area impacted by a cyber attack, offering you valuable support and specialist advice.

What is the state of the cyber insurance market 

The cyber insurance market has seen significant development since its inception in terms of coverage offerings. We now see a certain uniformity in the protections offered by the various insurers, although each adopts its own approach.

Underwriting requirements have tightened considerably, becoming more precise and demanding. Insurers require strict compliance with good prevention practices, placing a major emphasis on risk prevention.

It is important to note that insurance policy renewals are not systematic or instantaneous. Policyholders must demonstrate their commitment to safety by following these best prevention practices, which influences the renewal decision.

At the same time, the market is becoming more competitive, with increasingly competitive premiums. However, this competitiveness is accompanied by notable changes in coverage, in particular sub-limitations of certain guarantees such as ransoms, exclusions of specific risks such as the recent case of Log4j, as well as additional restrictions for policyholders not rigorously following good prevention practices, such as proactive management of known vulnerabilities.

What is covered by cybersecurity insurance 

As mentioned above, a cyberattack can take several forms and could impact several areas of your business. The impact can be very heavy, both financially and for the reputation of your business.

Throughout this article, we discuss different aspects of cyber insurance such as insurance coverage or the criteria and prerequisites to be covered. Please note that this information may differ from one insurer to another.

Cybersecurity insurance can cover emergency costs for responding to an incident, and will take care of paying ransoms. Insurance can also cover the costs of remediating impacts caused to your technological environment and cover the costs of interrupting your business.
Finally, insurance can cover civil liability costs and regulatory penalties related to damage from a cyberattack.

What are the prerequisites for accessing cyber insurance 

Taking out cyber insurance requires solid preparation in terms of IT security. Several prerequisites are essential to guarantee adequate coverage in the event of an incident. It is imperative to put in place prevention measures such as protection against ransomware with the use of multi-factor authentication (MFA), as well as rigorous management of privileged access.

Securing mobile devices, controlling endpoints through detection and response, rather than relying solely on traditional antivirus, are also crucial aspects. Integrating a risk management strategy for terminals reinforces the robustness of the security system. Data encryption and network segmentation, distinguishing operational access from administrative access, are also key elements in preventing breaches.

A rigorous software update procedure, combined with a cybersecurity patch management policy, is a must to maintain resilience against threats. Managing backups effectively, keeping them offsite and offline from the main network while performing regular testing, provides an additional line of defense.

Continuous 24/7 monitoring of the network, as well as an elaborate crisis management plan, are essential to detect and respond quickly to any attack. At the same time, ongoing training of employees in cybersecurity is a crucial link in this defense chain. Our Vigilance solution, the continuous phishing simulation platform, allows you to proactively train and educate employees, thereby strengthening the company’s overall resilience to digital threats.

MS Solutions can help you meet insurance requirements through its IT managed services. 

In short  

Even though cyber insurance is sometimes priced a bit high, it is a fundamental safeguard that can save your business. More and more computer attacks are emerging, and insurers have had to adapt their offer and their coverage in order to reduce your chances of being attacked, and therefore their share of risk. As a result, your company will have to adopt several prerequisites in order to meet the insurer's requirements and benefit from insurance.

If you want to learn about cybersecurity, call on our experts to discuss your needs and concerns. If you would like to deepen your knowledge independently, do not miss the cybersecurity e-learning training on our YAZI platform.

This article features content discussed in a previous webinar. To see this webinar in replay, it’s here. Subscribe to our newsletter to receive your invitations to future webinars. 
