Information Management

10 steps to combat the high cost of cyber insurance

As the frequency and scope of cyberattacks increases, so does the cost of cyber insurance. And the rise is dramatic. As discussed in The Wall Street Journal, in the second quarter of 2022, US cyber-insurance prices increased 79% from a year earlier, after more than doubling in each of the preceding two quarters, according to the Global Insurance Market Index from professional-services firm Marsh & McLennan Cos. 

Even worse, some companies are applying for coverage and being rejected because cyber insurance underwriters have concluded those companies are a bad risk because they don’t have enough mechanisms and programs in place to protect against attacks. 

Corporate legal teams are playing a larger role than ever in their organization’s cybersecurity programs. According to the Association of Corporate Counsel 2022 State of Cybersecurity Report, cybersecurity reports to the Chief Legal Officer (CLO) in 38 percent of departments surveyed  and 84 percent of CLOs now have at least some cybersecurity-related responsibilities (up from 76 percent in 2020). 

Ten Steps to Combat the High Cost of Cyber Insurance 

How can your organization maximize its ability to obtain cyber insurance while keeping costs contained to the extent possible? Here are ten steps to combat the high cost of cyber insurance: 

  1. Implement Multi-Factor Authentication (MFA): Implementing MFA protection on every application that supports it can help protect confidential information, particularly concerning mission critical and valuable data systems by making stolen credentials useless without the authentication device. 
  1. Apply Principles of Least Privilege (POLP): Upgrade your organization’s security by tightly controlling access rights to its operating systems and applications. Create dedicated user accounts with limited privileges tailored for specific tasks, so that everything runs as smoothly – and safely! – as possible and ensure that your cloud providers do the same
  1. Apply Updates and Patches Promptly: Keeping software and operating systems up-to-date with the latest security patches is an essential way to prevent potential threats, so it’s important to monitor when providers issue patches that eliminate vulnerabilities and apply them promptly (before the hackers, who monitor them as well, can take advantage of them). 
  1. Conduct Backup and Recovery Tests: To ensure you’re prepared for the worst, establish regular backups and recovery tests of your key data. Doing so provides an invaluable control to limit disruptions caused by malicious activity like ransomware attacks. 
  1. Endpoint Detection and Response (EDR): Keep your connected devices safe with an EDR security solution. This innovative technology actively collects data regarding connected systems, performs rules-based analysis to detect malicious activity, then generates automated responses designed to protect against cyber threats. 
  1. Email Security Filters: Keeping your email spam and malware filters up-to-date is an effective way to protect against phishing attempts, significantly reducing risk. 
  1. Implement a Mobile Device Management (MDM) Solution: Implementing MDM solutions can be a vital way to help keep mobile devices secure. Especially in the context of a BYOD environment where personal and business data are mixed on one device, these solutions equip organizations with valuable protection against potential risks. 
  1. Data Minimization, Encryption and Monitoring: Maintaining data privacy is essential in our cyber-driven world. Data must be classified, managed and secured to reduce data breach risk and support data minimization. Regularly eliminating redundant, obsolete or trivial (ROT) data not only helps remove potentially sensitive data from exposure to hackers, but also meets GDPR Article 17(1)(a) requirements for prompt disposal when personal info no longer serves its original purpose. Encrypting sensitive data at rest protects that data even if it’s accessed by internal or external threats and monitoring activity on that sensitive data enables your organization to react quickly to shut down threats before they can do any damage. 
  1. Keep Policies and Procedures Documentation Evergreen: Keeping technology-related policies and procedures, such as credentials and password requirements, evergreen helps ensure the safety of your company’s data. Implementing security best practices is essential to protect against potential cyber threats. 
  1. Rigorous and Recurring Cyber Training: To ensure all employees are up-to-date on the latest security protocols, regular intervals of comprehensive training and refreshers should be provided. Additionally, spot training can be conducted to combat newly identified risks as they arise. 


Cyber insurance is no different than any other insurance in that the cost of it depends on the risk associated with the coverage. The drastic increase in the risk of cyber incidents is the primary driver in the rise of the global cybersecurity insurance market, which is expected to grow from $9.29 billion in 2021 to $38.7 billion by 2030

Just as auto insurance providers offer a discount for a safe driving record and home insurance providers offer a discount for the implementation of a home security system, cyber insurance providers are more likely to not only offer cyber insurance coverage when your organization demonstrates a comprehensive cybersecurity program, but they will also be more likely to offer lower rates for that coverage. Applying the ten steps discussed above will maximize the ability for your organization to keep its cyber insurance costs in check. 

For more information on OpenText™ Security Solutions, click here

Nadia Riyasat

Nadia Riyasat is a Product Marketing Manager for OpenText eDOCS and Decisiv solutions. Nadia defines, demonstrates, and communicates the value of OpenText solutions to drive awareness and adoption with customers, partners, and the OpenText salesforce.

Related Posts

Back to top button