How to Lower Cybersecurity Insurance Premiums


Cyber liability insurance is becoming increasingly important for businesses across virtually all industries. First introduced about 20 years ago, cyber insurance helps cover losses resulting from data breaches, malware, ransomware, and similar attacks. The combination of more companies conducting business online, cyber criminals becoming more proficient, and recent high-profile attacks, such as the one on the Colonial Pipeline in 2021, has heightened the need for this protection.

As these occurrences spike the demand for cyber liability insurance, businesses have found another challenge — rising premiums. According to CNBC, cybersecurity insurance premiums went up by an average of 28% between the fourth quarter of 2021 and the first quarter of 2022, and researchers expect this trend to continue into 2023.

These issues pose a predicament for organizations. Insurance is necessary, but how can it be obtained while keeping costs at a minimum? M.A. Polce discusses how an effective risk management and compliance strategy can help in this regard.

What Is Cyber Liability Insurance?

Simply put, cyber liability insurance protects businesses from the risks associated with cyberattacks. These attacks can come in many forms — data breaches, ransomware, denial of service attacks, network outages, and issues with employee error.

Want to know more about cyber liability insurance? We cover it in-depth in our podcast episode “Cyber Liability Insurance Coverage.”

What Does Cyber Liability Insurance Cover?

Depending on the specifics of the policy, cyber liability insurance can help companies recover from things like data loss, damage to the company brand, and financial losses from operational downtime, lawsuits, legal fees, regulatory penalties, ransomware payouts, and customer revenue loss.

Cyber liability insurance policies will feature different levels of coverage depending on the provider. In general, most policies protect companies against the following:

  • Hacking and viruses
  • Data corruption and theft
  • Liability for defamatory content
  • Work devices susceptible to theft
  • Crisis management efforts (rebuilding of reputation or brand)

There are also several aspects that cyber liability insurance usually doesn’t cover. These include:

  • Cybersecurity risks caused by the insured company
  • Avoidable security issues (inadequate management of digital assets and configurations)
  • Infrastructure issues unrelated to cyberattacks
  • Costs of enhancing cybersecurity after an incident
  • Events that happened before the policy went into effect
  • Loss or damage to physical assets (covered under property insurance)
  • Any other expenses outside the limits of the policy


Why Do Organizations Need Cyber Insurance?

According to a recent report from Statista, over 60% of all corporate information lives in the cloud. This means more than half of all company data is vulnerable to cyberattacks. This statistic indicates just how essential cyber insurance is for organizations.

Some business owners may wonder why they need additional coverage if they have general liability insurance. General liability policies won’t protect your business against cyber threats. They also don’t cover the many processes that follow these incidents, such as:

  • Business downtime
  • Security upgrades
  • Customer notification and public relations
  • Reputational restoration

Cybersecurity threats are rising and affecting large and small businesses alike. However, small to medium-sized organizations typically don’t have access to the same cybersecurity protection measures as their larger counterparts, which may leave them more susceptible to an attack. For this reason, investing in cyber liability insurance is critical for small and mid-sized companies.

Why Are Cyber Insurance Premiums Increasing?

The cause of rising cyber insurance premiums is two-fold. First, cybercrime has grown in recent years. Just look at email scams alone — according to the FBI, the United States business sector experienced over $43 billion in losses because of business email compromise between 2016 and 2021.

Second, when these attacks occur, they tend to be expensive to remediate. This means insurers have to pay out more, which drives up premiums and underwriting standards. Even for small to medium-sized businesses, the payout can be costly, and industries that handle information protected by law, such as healthcare, may have to pay even higher premiums.

How to Reduce Cyber Insurance Premiums

Given the significant risks of cyberattacks and the resulting costs, many insurance companies heavily assess a company’s current practices before extending coverage. Some of the more common things insurers look for include:

  • Multifactor authentication (MFA)
  • Security awareness training
  • Endpoint detection and response (EDR) and managed detection and response (MDR)
  • Regular security and risk assessments
  • IT and security policies
  • Penetration testing
  • Email security
  • Backups
  • Firewalls


Infographic that shows the nine basic security measures all companies should have in place in to qualify for cyber liability insurance and lower insurance premiums.
While not all of these elements are necessary to obtain insurance, they can increase your chances of being underwritten and potentially lower the cost of the policy. Additionally, the following strategies can help decrease premiums:

Conduct Ongoing Risk Management

Cybercriminals are quite innovative and constantly develop new approaches to cybercrime. Businesses need to regularly evaluate their risk to keep up with trends in social engineering and similar attacks. One important step is to test networks and systems for vulnerabilities regularly to discover weaknesses that provide hackers a way in. Vulnerability scanning, penetration testing, and general risk management against an industry framework such as NIST should be part of the routine.

Create Documented IR Plans and Policies

You cannot completely eliminate the threat of a cyberattack. However, having a written incident response plan will give your team the knowledge and resources to lower the chances such events go undetected and provide a means for responding if one does occur. Plus, documented incident response plans and policies are easy to give to insurance providers as evidence of your cybersecurity practices.

Comply with Industry Recognized Frameworks

Cybersecurity frameworks provide a straightforward way to implement best security practices and comply with industry regulations, such as FFIEC, NYS DFS, or PCI-DSS. Some insurance companies will offer reduced premiums for businesses that follow the guidelines of a recognized security framework.

One of the most widely accepted frameworks comes from the National Institute of Standards and Technology (NIST). NIST’s Cybersecurity Framework (CSF) contains tested strategies for managing cybersecurity risk and standards for businesses operating in many sectors.

Consult a Managed Service Provider

It can be challenging for IT teams to balance cybersecurity management with many other daily tasks. One of the most effective solutions to protecting your business against cyber threats is partnering with a managed service provider (MSP) like M.A. Polce.

We work with small and medium-sized companies and public entities, providing cost-effective and reliable cybersecurity services throughout New York State. As an MSP and MSSP (managed security services provider), we also deliver numerous managed technology services to help with risk management. In addition, we offer assessment and compliance services to ensure your business adheres to regulatory guidelines and avoids fines and penalties.

With IT solutions from M.A. Polce, your business can achieve the level of security you need against rising cyberattacks and may see lower rates on cyber liability insurance premiums. Contact us today for more information about our services.


M.A. Polce partners with Cisco, the global technology giant, to deliver cutting-edge IT and cybersecurity solutions. Their collaboration offers businesses of all sizes access to Cisco’s advanced networking and security technologies, ensuring fortified digital landscapes against emerging threats. M.A. Polce’s certified experts work closely with clients to design bespoke Cisco-based solutions, optimizing efficiency and safeguarding critical data. Together, they provide unparalleled service and support, empowering organizations to thrive securely in today’s interconnected world.
