Building Business Resilience

How cyber insurance fits into your risk management plan

Navigating an increasingly challenging cyber insurance market

As organizations transition to remote or hybrid workforces, the digital attack surface widens immensely. This allows threat actors to target businesses with ransomware and other attacks more efficiently, demanding record-high payouts and inflicting significant business damage. According to the FBI, in 2021, the IC3 received 3,729 complaints identified as ransomware with adjusted losses of more than $49.2 million.1

Once a business has fallen victim to ransomware, its options diminish greatly. Forbes reported that in 2021, more than 60% of those hit by attacks paid the ransom.2 In addition to ransom payouts, cyber insurance providers frequently cover extensive costs for incident response, forensics, and notifications to affected individuals.

Challenges for a different reality

There is no silver bullet to predicting whether an organization will be targeted by ransomware, as Coveware has reported that 55% of ransomware attacks targeted businesses with fewer than 100 employees.3

This has made it increasingly difficult for insurers to develop a risk assessment model for customers. Unlike life insurance, where insurers can draw from years of research to develop actuarial tables and make financially acceptable risk decisions based on medical tests and questionnaires, the reality is different for the cyber insurance sector.

As a result, cyber insurance customers are subjected to substantial increases in premiums along with sub limits for ransomware. A full understanding of the policy terms and conditions is critical to a comprehensive risk mitigation strategy.

Improving their risk assessment models

For cyber insurance providers and brokers, risk assessment starts with understanding customer security posture. This is gathered through questionnaires to gain insight into a business’ security configuration or external vulnerability scans.

Environments with disconnected products, understaffed teams, and diverse compliance and data protection regulations are most vulnerable. Trend Micro Research reported that approximately half of all serious incidents begin with the exploitation of unknown/unmanaged internet-facing assets, with the remaining 50% due to social engineering via phishing.

Trend Micro One unified cybersecurity platform includes market-leading capabilities for securing clouds, endpoints, email, networks, and IoT environments, with built-in security operation capabilities like XDR, risk insights, and more.

With visibility and continuous risk assessment across the organization, organizations can adapt quickly to new business and compliance needs while helping to fulfill many cyber insurance requirements.

Common Application Questions

Questions that insurers will likely ask at renewal or initial application phase

In the current cyber insurance market, it’s important for businesses to be prepared, as some of the configurations that insurers require can take time to implement. Here are the most common insurance applications questions related to Trend Micro solution configurations. 

Is multi-factor authentication (MFA) deployed?

Why is this important?


Required by many insurers, MFA is an essential security control that slows attacker activity. It makes exploiting passwords obtained through phishing more challenging and credential dumping a less valuable tactic.  

What endpoint protection software is deployed? Is it “next-generation” AV?

Why is this important?


Strong endpoint protection on employee endpoints and servers is paramount to slowing attackers and detecting early attack stages and impact phases (such as ransomware encryption). “Next-gen” modern endpoint protection uses behavioral detection, machine learning, and other non-signature techniques. Using signatures alone is an outdated approach, ineffective against modern attackers.  

Is endpoint detection and response (EDR) deployed?

Why is this important?


EDR is an important capability enabling IT security teams and managed service providers to better detect attacker activity. EDR can help detect attackers in early stages when they are “living off the land.”

How does your security team manage endpoint detections and alerts?

Why is this important?


Overwhelmed security teams can overlook serious detections from endpoint protection and EDR solutions, allowing attackers infiltrate your environment, or successfully complete attacks before the security team becomes aware. Insurers may want to assess your ability to respond to alerts or boost your security team with managed service providers.

What is your vulnerability assessment/patch management process?

Why is this important?


Attackers are quick to take advantage of remotely exploitable vulnerabilities, gaining a foothold in your environment and leveraging vulnerabilities to move laterally in the environment. An effective vulnerability assessment program shows insurers that you can quickly detect and remediate serious vulnerabilities.

What is your backup strategy?

Why is this important?


Data backup is an important defense against ransomware, reducing the time to recover business operations. Backup is not a 100% effective defense, as attackers can also exfiltrate data for leverage, or target backups for encryption.

Can you describe your email security?

Why is this important?


Phishing is a substantial attack vector targeted by ransomware, business email compromise, and other serious attacks. Modern email security capabilities are an essential security control to detect these attacks before they reach endpoints.

Join the 500,000+ customers who are leveraging the Power of One.

Cybersecurity can be beautiful. World-renowned data artist, Brendan Dawes, created this piece from millions of Trend Micro security data points that stunningly illustrates our extended detection and response across multiple IT layers. See more works of art at