9 common questions cyber insurance providers ask

By Professor Danny Myburgh

Like many business leaders, you may be considering purchasing cyber liability insurance for the first time. With cyberattacks – and ransomware attacks in particular – on the rise, this is not surprising. In fact, cyber insurance is fast becoming one of the most important insurances businesses can invest in.

The questions we often receive from clients investigating cyber insurance revolve around what it is, how much it should cost, and what insurance providers are likely to ask.

In our experience, there are nine key areas that cyber insurers focus on. These key areas are important before a policy is taken out, and if a breach occurs, these areas will be revisited. As a digital forensic lab, we review these key areas when investigating and isolating where a cybercriminal entered a network and what they did within the system.

Just as security companies expect businesses to have physical security measures in place protecting people and property, so cyber insurers expect businesses to have taken all reasonable action to prevent a cyberattack. Perhaps this is why South African organisations are spending 71% more on cyber budgets, according to PwC’s Digital Trust Insights, and why they believe the CEO is responsible for reporting to the board on cyber security. It is a critical business risk factor.

So, what is the best way to protect your business? First, let’s take a look at what cyber liability insurance is.

Cyber liability insurance policies, also known as ‘data breach’ or ‘privacy’ insurance policies, are designed to cover specific losses that may result from electronic activities, including email, video conferencing, data collection and storage, and more.

Most cyber liability insurance policies provide organisations with a combination of coverage options to help protect the company from data breaches and other cyber security issues, such as ransomware. 

It’s worth mentioning that ransomware attacks in South Africa can run into the tens of millions. Cyanre has been asked to negotiate many ransomware attacks, and in 2019 the typical ransom demand was below three bitcoins (BTC), which was R400 000 at the time. In 2021, the highest ransom demand we received was for 88 BTC (R78 million). The average BTC demand that we saw in 2022 was in the region of R20 million.

The good news is that you can insure your organisation to protect against a ransomware attack – but only if you have taken all reasonable actions to make your networks as cyber-secure as possible.

Cybersecurity insurance is not a perfect solution that will cover all of your expenses and damages resulting from a cyberattack. It is one part of a comprehensive solution.  

9 common questions when applying for cyber insurance 

When applying for cyber liability insurance coverage, you will most likely be asked a series of questions. Here are nine of the most common questions, but this is by no means a comprehensive list.


1. Do you use Multi-Factor Authentication (MFA)? 

Multi-factor authentication (MFA) enhances security beyond the conventional username and password combination. It usually requires the input of a username, password, and an additional element like a code sent to a mobile phone, a token, or a key fob. MFA introduces an extra hurdle that an individual must overcome to access your information.


2. Do you provide employee security training? 

In terms of security, your employees can either be your strongest safeguard or your most vulnerable point. Often referred to as the ‘human firewall’, consistent security training ensures that employees stay up-to-date with the newest cyber defence techniques and strategies. Equip them with the necessary knowledge, training, and resources to identify and counteract cyber threats. By maintaining a focus on cybersecurity awareness and supplying the tools required for effective action, you empower your workforce to function as a well-prepared human barrier, protecting your IT infrastructure and data.


3. Do you monitor for unauthorised access?

Having immediate insight into every device accessing your network is crucial. You can’t defend against malicious actors if you’re unaware of which devices are accessing your networks at all times. Real-time awareness can improve your reaction speed and minimise potential damage, while post-action forensics can identify any gaps, close vulnerabilities and determine if the cybercriminals left a backdoor into your system.


4. Do you back up your data? 

Data backups are essential for disaster recovery; however, merely backing up your data is insufficient. It’s important to understand how to retrieve backups prior to facing a disaster. Conduct regular data recovery exercises to confirm that all systems are functional and to avoid learning this lesson during an actual crisis.


5. Do you have endpoint protection?

Endpoint security safeguards against file-based malware assaults, identifies harmful activities, and equips you with the necessary resources to examine and resolve security incidents.


6. Do you use encryption?

Encryption secures data both while it is being transmitted and when stored. End-to-end encryption stands as the most efficient method for safeguarding information. Which algorithms are employed? How are end-of-life concerns addressed?


7. Do you limit access to data and systems?

There are two levels to this question. The first level is data access: limiting who can access data. The second is physical access: limiting physical access to things like servers, as well as administrator access to make changes to devices and systems.


8. How do you install updates and patches? 

Many small and medium-sized businesses apply updates and patches manually, whereas cloud-based services deliver the newest versions to all devices automatically. These updates and patches include security improvements based on the latest developments in malicious software, making them crucial for safeguarding your data. At Cyanre, we have encountered breaches where third-party suppliers failed to install patches and updates and a breach occurred, so ensure you know who you are working with.


9. Do you have a disaster recovery plan? 

Insurance providers want to know that you are proactive when it comes to recovery. Their money is on the line as well as yours. 


What’s Next? 

Take into account your risk level and industry when making this crucial choice. You should look for an insurance provider with expertise in collaborating with other clients from your sector and organisations of similar size.

Their experience will be valuable, not only for tailoring your policy appropriately, but also for offering the specific resources your business may require in case of a cyberattack. 

Cyanre can assist you with a cyber insurance audit to ensure that you are compliant.