Knowing how cyber insurance is underwritten can help you save on your premium

With most types of insurance, there is an underwriting process. This involves assessing the risk that an insured party will file a claim to receive policy benefits. With life insurance, underwriting involves the risk of death. With auto insurance, you are rated on how likely you are to be in an accident.

The underwriting process is the main determining factor of how much a policyholder will pay in premium for insurance coverage. The more risk you pose to the insurer, the more you will pay.

Cyber insurance is also underwritten. Because it’s a fairly new type of insurance, underwriting cyber insurance is still a work in progress for most carriers that offer it. It is also difficult for underwriters to accurately assess risk and the cost of a breach because of the lack of actuarial data on cyber hacking.

A cyber insurance carrier will typically evaluate your risk based on the following factors:


The industry you operate in may be the most important underwriting factor for cyber insurance. Some industries are more high-risk because of the type of data they store, which makes them an attractive target for hackers. Health care, the legal profession and financial services are among the most targeted industries because of the volume of sensitive data companies in these industries store and transmit.

According to an annual report by IBM, the most attacked industry in 2019 and 2020 was finance and insurance. The report showed that the financial sector was affected by a large portion of server attacks, data theft and some ransomware cases.

The study also ranked professional services, which includes law firms, the fifth most attacked industry. Cyber criminals often target law firms to steal information on cases, client information, and privileged communications between attorneys and clients.

The biggest threat to professional services, according to IBM, is ransomware attacks. “One law firm’s data was put up for auction for $40 million dollars, underscoring the high price ransomware attackers perceive they can obtain for professional services firms’ data,” the report said.

The volume and type of data your business has

The more sensitive personal data you have stored, the more at risk you are of being hacked. High-risk companies possess financial data, bank account information, credit card numbers, Social Security numbers and other sensitive information.

Company size

The bigger your company, the more potential entry points into your network. You have more employees who can fall for phishing scams and social engineering attacks. Also, bigger companies typically use more outside vendors that can provide a hacker with third-party access to your network.

Annual revenue

The more money your company earns, the more of a target it is for cyber criminals. This is especially true for hackers who commit ransomware attacks, in which criminals demand payment in return for data they have compromised. A hacker can demand a higher ransom from companies that earn more revenue.

In addition, revenue helps cyber insurance underwriters understand the potential financial impact of a cyber security breach, including the cost of remediation following an attack.

Strength of security measures

Cyber insurance companies will assess how protected your networks are against hackers. This includes your company’s security protocols, such as:

  • Password requirements
  • Encryption policies for storing and transmitting sensitive data
  • Document retention and storage policies
  • How documents containing sensitive data are disposed of when no longer needed
  • Who and how many people have access to what data
  • Procedures for backing up information
  • Security testing procedures
  • The effectiveness of employee cybersecurity training programs

Of these criteria, the only one you can control enough to potentially lower your cyber insurance premium is the strength of your cyber security measures.

While no amount of security measures can guarantee an impenetrable network, you want to make it as difficult as possible for a hacker to gain access.  

The best defense against hackers is instilling a companywide culture of smart security practices. All employees and departments should feel it’s their responsibility to protect the company’s network. This means that through policies and practice, all employees should:

  • Protect access to their individual workstations by using strong passwords, by never sharing passwords, and by never letting unauthorized people in work areas.
  • Protect company data by restricting access, by properly storing, transferring and destroying data, and by encrypting sensitive data.
  • Stay up to date on the latest cyber security risks and report potential breaches immediately to their HR department.

In addition, your company’s IT department should conduct regular penetration testing, which is a simulated cyber attack designed to identify network vulnerabilities.

These are just a few examples of how to make your company less of a target to hackers, which in turn should enable you to pay less in premium for cyber insurance coverage.

When you are ready to compare coverages and rates, the experts at ProDefender can help you shop the market and select the right policy for your firm.

