Cyber insurance renewal — premiums up 40% and new exclusions
Just got our cyber insurance renewal. Premium up 40%, deductible doubled, and new exclusions for:
- State-sponsored attacks
- Unpatched known vulnerabilities (>30 days)
- Lack of MFA on admin accounts
The insurer is now requiring proof of:
- EDR on all endpoints
- MFA on all remote access
- Offline backups tested quarterly
- Employee phishing training
Anyone else getting squeezed? What are you doing to manage costs?
Exact same experience. The way to keep premiums down is to over-document your security controls. We created a "security posture deck" that we send with every renewal. Includes AlertMonitor dashboards, EDR coverage stats, backup test logs, and training completion rates.
The unpatched vulnerability exclusion is the scariest one. 30 days means you need a real vulnerability management program, not just "we'll get to it." AlertMonitor's software monitoring helps here — you can prove patch status across the fleet.
We switched carriers and saved 25%. Shop around — different insurers weigh controls differently. Some care more about MFA, others about backups. Find one that values what you're already strong at.
The MFA requirement is going to catch a lot of small businesses. We still see clients with RDP exposed to the internet with password-only auth. That's an instant denial now.
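An added example, not code from any of the posters above: a small Python checker that turns an asset inventory into the evidence the renewal asks for (fix older than 30 days, admin accounts without MFA, EDR coverage, last restore test within a quarter). The host names, users and dates are constructed; in practice the lists would be exported from the vulnerability scanner, identity provider and EDR console.

```python
from datetime import date

# Constructed sample inventory (hypothetical names and dates, not real assets).
TODAY = date(2024, 3, 1)
HOSTS = [
    {"name": "web-01", "edr": True,
     "vulns": [{"id": "VULN-0001", "fix_released": date(2024, 1, 10)}]},
    {"name": "db-01", "edr": True, "vulns": []},
    {"name": "laptop-07", "edr": False,
     "vulns": [{"id": "VULN-0002", "fix_released": date(2024, 2, 20)}]},
]
ACCOUNTS = [
    {"user": "alice", "admin": True, "mfa": True},
    {"user": "bob", "admin": True, "mfa": False},
    {"user": "carol", "admin": False, "mfa": False},
]
LAST_RESTORE_TEST = date(2023, 11, 15)

def overdue_patches(hosts, today=TODAY, window_days=30):
    """Vulnerabilities whose fix has been available longer than the policy's 30-day window."""
    out = []
    for h in hosts:
        for v in h["vulns"]:
            age = (today - v["fix_released"]).days
            if age > window_days:
                out.append((h["name"], v["id"], age))
    return out

def admins_without_mfa(accounts):
    """Privileged accounts that would trip the 'no MFA on admin accounts' exclusion."""
    return [a["user"] for a in accounts if a["admin"] and not a["mfa"]]

def edr_coverage(hosts):
    """Fraction of endpoints reporting an EDR agent (insurer wants 1.0)."""
    return sum(1 for h in hosts if h["edr"]) / len(hosts)

def backup_test_stale(last_test, today=TODAY, max_days=90):
    """True when the last offline-backup restore test is older than a quarter."""
    return (today - last_test).days > max_days

def posture_report(hosts=HOSTS, accounts=ACCOUNTS, last_test=LAST_RESTORE_TEST, today=TODAY):
    """Summary for the renewal packet; any non-empty finding or stale flag is a gap to close."""
    return {
        "overdue_patches": overdue_patches(hosts, today),
        "admins_without_mfa": admins_without_mfa(accounts),
        "edr_coverage": edr_coverage(hosts),
        "backup_test_stale": backup_test_stale(last_test, today),
    }

if __name__ == "__main__":
    for key, value in posture_report().items():
        print(f"{key}: {value}")
```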