An AM Best analysis predicts that the hard market in cyber is “here to stay”, despite significant rate increases and a 75% boost in cyber insurance premiums in 2021. Citing standalone cyber premiums increased by 95% in 2021, surpassing the combined premiums of standalone and packaged premium totals for 2020. These stats do not carve out middle market from the larger risks, but it is consistent with what we’re seeing in our space.


By now, most of us have heard about MFA and its importance as a security control to help thwart ransomware attacks. MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. I think we’ve all experienced the painstaking process of implementing MFA following the shift to remote work as a result of the ongoing pandemic. Last year, MFA became a minimum requirement to get an underwriter to consider renewal options for our clients or to look at new business for clients that did not currently purchase.

This year EDR has started to become a focus for insurance carriers, similar to what we saw with MFA. Many insurers are requiring EDR, while those who are not yet requiring it as a minimum security control are looking at it as a strongly recommended one.  More favorable options can be anticipated if clients have EDR implemented.  If a client has had any claims activity, we oftentimes see EDR being even more of a focus and typically a requirement.

EDR is designed to continuously monitor end user devices to detect and respond to cyber threats. An EDR

solution monitors all endpoints (laptops, servers, workstations) in the environment and creates more visibility.

This makes it easier to detect and respond to incidents with speed.

If you do not have EDR, you should engage a network security firm for assistance. Please contact me for a list of referrals.

Other forms of network security include:

  • Email filtering
  • Managed Detection & Response (MDR)
  • Reliable backups with multiple copies and the ability to restore from these backups. It is essential that the ability to restore is tested regularly.
  • Tested Incident Response Plan
  • Removal of End-of-Life Software or segmentation
  • Dark Web Monitoring
  • Employee Training

The best way to navigate this turbulent cyber market is to be properly prepared with effective network security implemented well in advance of renewal. Have these conversations with your broker at least 6 months prior to renewal.

National Cyber Claims Lead
Cyber Practice Leader
Direct line: (978) 661-6625