Cyber insurance is getting increasingly hard to get.

With ransomware costs skyrocketing, insurers have been looking for ways to guard against massive payouts.

One way to do that is to increase premiums. The change has been noticeable over the last few years:

Line chart showing a dramatic increase in the costs of cyber insurance premiums, 2017 to 2020

Source: Government Accountability Office


One way they've done that is by requiring more stringent security, and limiting the number of companies they insure.  

One place where this change has been felt? The K-12 education sector.

In one article on the state of cyber insurance in education, the change in the application process is detailed. It's all gone from simple to complex, very fast. The idea is to insure those with the best possible security, reducing the chance that an attack will lead to major damages. Now, insurers want to know how respondents are set up in these areas:

  • Email security
  • MFA adoption
  • Backup procedures
  • Endpoints
  • User awareness
  • Encryption
  • Firewalls

This has served as a wake-up call for many organizations, that either don't have all these systems in place, or they are in need of updating.

Since any business--and schools--that hold personal data on their computers could benefit from cyber insurance, these requirements are going to leave a lot of firms and districts out of luck. 

The simplest and fastest way to reduce your attack surface--and become more attractive to insurers--is to deploy email security that prevents malicious emails from reaching the inbox. Phishing is the number one cause of breaches and ransomware. Take that away and your risk profile drops dramatically.