Cyber insurance companies are demanding greater risk management strategies from organizations interested in purchasing cyber insurance.

“Insurers want to know there is an organized and proactive effort to manage cybersecurity risk,” said Travis Wong, VP of risk engineering and security services at cyber insurance provider Resilience.

These risk management strategies include multi-factor authentication (MFA), backup, incident response plan, patching and cyber awareness training for employees.

While listing costs both before and after a cyberattack could be costly for both insurers and customers, both parties may get caught up in trying to fix the situation, overlooking other vulnerabilities that could lead to other costly problems.

“Theft of credentials either through phishing or unprotected assets exposed publicly on the internet remains the predominant approach for cybercriminals to launch an attack,” said Jack Kudale, founder and CEO of Cowbell Cyber.

Once companies already have a good security system and are ready to take the steps to meet security requirements, they can conclude a deal with a cyber insurance company.

Apart from the security requirements, many companies find it difficult to get cyber insurance because of the high costs.

According to the NetDiligence Cyber Claims Study 2021 report, the average cost to the insurer for a cyber incident is $145,000 for small and medium-sized businesses and $10 million for large businesses, with ransomware mitigation costs even higher at $256,000 and $16.6 million respectively.