Cyber Liability Underwriters to Become More Stringent

Kyle Greenup, NGU Risk Management

December, 2021

During TNRMT’s last renewal cycle, Members felt more strict guidelines from Cyber Liability Underwriters as cyber security concerns rippled through the global insurance industry. A Cyber Security ScoreCard, provided by our partners at Great American Insurance Group (GAIG), was introduced as a method to assess the cyber security posture of TNRMT’s individual Members. While most Members did very well with this new ScoreCard based assessment, we saw many Members that scored very low. Low scoring Members were initially ineligible for continued Cyber Liability Coverage. Fortunately, Members starting with a low score worked diligently to improve their score. Upon renewal, TNRMT was able to offer Cyber Liability Coverage to 100% of Members. Bullet dodged! Well… for now anyway.

The insurance industry is putting pressure on organizations to reduce their own cyber risk. After all, insurers can’t access the organization's network, so any mitigation effort is the organization’s responsibility. Below are four areas of interest that we recommend reviewing to ensure a smooth cyber renewal next year:

1 - Multi-Factor Authentication (MFA)

Insurers are asking about MFA on their renewal applications, and we now know for a fact that MFA will be a cyber requirement going forward. MFA certainly makes for a more secure network, and most implementations are fairly easy and may already be included in services you use for no additional cost.

2 - Cloud Backup

One of the main benefits of cloud-based backups is the concept of ‘Air-Gap’. This simply means that at any given time, your data is backed up, off-site, offline, and not accessible from the internet without credentials (hopefully, MFA secured credentials). We’re very certain that an air-gap backup system will be required for continued cyber coverage.

3 - Mobile Device Management (MDM)

We’re more mobile now than ever, with many in the workforce working from home and other locations. Mobile devices are all but essential, and many employees use company-owned or personal devices to access email, documents, etc. Securing mobile devices via MDM policy is a great way to make sure that devices follow basic security measures, like enforcing a lock screen coupled with a passcode. Some MDM platforms can help locate lost devices and even remotely lock and wipe a device.

4 - End-User Training

It’s no surprise to me that the FBI lists end-user training as a high priority for organizations protecting sensitive data. TNRMT offers End-User Cyber Security Awareness training to all Members at no additional cost, and we encourage you to take advantage of this training! Another hot area for insurers, we feel end-user training will be a requirement for cyber coverage in the near future.

Kyle Greenup
NGU Risk Management
615.822.5454
kgreenup@ngutn.com