Requirements Are Changing for Cyber Liability Insurance Policies

Businesses are reaching out weekly for help meeting the requirements to purchase cyber liability insurance.

The AME Group recently hosted webinars with guests from the insurance industry who confirmed the reason for this change.  They saw a handful of pre-requisite questionnaires in 2020, but now they get several every month.  The length of the questionnaire has grown and now insurance carriers also want proof of your answers.

Why the change in cyber insurance requirements?

It’s a simple answer – $$$$$. Cybercrime has grown into a profitable business model. More security breaches are occurring. Businesses are slow to implement security controls.

Criminals demand higher ransoms.  They are getting smarter and more organized.  They look up your company revenue and ask for about 10%.  Depending on the size of your business, the standard insurance coverage may not be enough. 

Insurance carriers know how cybercriminals attack. They also know what security controls businesses have in place, what worked and what didn’t.  With large claims now commonplace, insurance carriers are expecting much more from the businesses they insure.  You can no longer pay a bit more for coverage and do less. 

What are insurance carriers requiring for cyber liability coverage?


They will expect you to have multi-factor authentication / 2-factor authentication in place. MFA/2FA is best practice for your business emailBusiness Email Compromise is one of the most financially damaging online crimes.

With the mass shift to remote work, they also require remote access to have MFA.  The standard recommendation is individual user authentication through VPN with MFA. 

Privileged Users need MFA – those who access admin level accounts.

Research shows that MFA blocks 99.9% of login attacks. But according to Microsoft, only 18% of its own customers have enabled multi-factor authentication.  This statistic is shocking considering it comes with the Microsoft license and it is not very difficult to implement.

Microsoft has many security features that you should turn on and configure, such as GPS-based conditional access feature.  This looks your user’s GPS location which creates an additional level of protection if MFA is hacked. 

NOTE:  security is not an “out of the box” feature.  It is separate from a standard implementation of or migration to Microsoft 365.


Many want to see the results of your latest Security Risk Assessment.  An SRA inventories your network setup and security controls to identify your vulnerabilities. It provides a workplan to strengthen your security. 

Cybersecurity Training

More than 80% of breaches involve human error or compromise.  Insurance carriers want to know that you train your employees on the threat they face. Humans require ongoing training and experiences to make them effective at fighting cyber crime and social engineering. 


A current and tested backup can save you hundreds of thousands of dollars in ransom.  That is why insurance carriers are interested in your backup and disaster recovery plan. The 3-2-1 Backup Strategy works for most.  Three copies of your data: 1 in production and 2 copies.  Of the TWO copies, ONE off-site and separate from your network.  Infecting your backups is a goal of the hackers.  The average time a hacker is in your system before noticed has decreased tremendously over the past 2 years. Reports now show 11-56 days on your system before detected. This gives them time to locate and infect backups from long ago. Regular verify backups (at least monthly) and restore critical app servers.

Even with backups, your business will still be disrupted. Having cyber liability insurance is vital to off-set the cost of a data breach. The insurance carrier has a team of experts ready to respond day or night. With a plan and fast action, you can minimize the impact of an attack or other disaster.

BREACH EXAMPLE – Business Email Compromise

Hello. We have a problem.  We just wired $69,000 to a crook.

BUSINESS: Medical Practice

ATTACK:  Business Email Compromise.  Practice Manager’s email compromised.  They watched and learned the process of paying vendors.  Attackers followed the process but diverted the funds into a different account at the same bank.

IMPACT: Money unrecovered. Turned on security features in their current Microsoft 365 subscription, which included MFA.  Implemented 2-person approval process for wire transfers requiring verbal confirmation.  Held breach prevention training for all staff.


Hello. We’ve got a problem.  Our network is being held for ransom.

BUSINESS: Steel Industry Manufacturing Plant with over 100 users.

ATTACK: Criminals accessed their network by entry through an UNMANAGED and UPATCHED firewall with REMOTE ACCESS. EDR (endpoint detection and response) was in place, but attackers gained DOMAIN ADMIN and simply deleted key files and manually deployed ransomware to servers. Hackers also compromised their O365 Email.


Loss of production x 7 days with 5-figure loss each day.

No backup of critical financial server, so paid a 6-figure RANSOM.

Decryption key was not 100% successful in recovering the data, which is typical.

Forced all employees to change passwords and implement MFA.