Should your business buy cyber insurance in 2022?  

That’s a good question.  

And to give an answer, we’d need to have a conversation about your business and its unique risks—which is something a blog post can’t do. So, in lieu of sitting down with you, let me share some guiding observations.  

I’ll start by saying this: Cybersecurity isn’t a silver bullet.  

Proactive IT is excellent at prevention. That’s what competent IT companies do for the most part. But there isn’t much we can do to stop a human being from making a mistake and allowing a compromise in the first place.  

Effective IT can fail. And if it does, you want resources at your disposal to recover. Good IT and good cyber insurance are two pages from the same recovery book.  

If you do plan to buy cyber insurance this year, here are some facts to be aware of…  

1. Carriers are getting smart.  

I’ve seen six or eight different applications from different carriers. And they all have something in common…  

Insurers are getting smart about what actually mitigates risks.  

They’re starting to demand certain things from organizations because that’s how they drive down losses (hence the value of having an IT security vendor that’s versed in the best practices insurance carriers are looking for). They’re in business to protect you, but they’re also concerned about making money. 

2. When you buy cyber insurance, be aware premiums are rising.  

In June of 2021, The Washington Post reported the following:  

“The majority of insurance companies are raising premiums for plans that cover damage from hacks, including ransomware attacks. Prices for at least half of insurance buyers went up 10 percent to 30 percent in late 2020, according to a survey cited by the U.S. Government Accountability Office.”

As the president of Proactive IT, I’m a business owner, too. What we’re paying for insurance coverage has more than tripled. The insurance industry has figured out that cyber losses are happening—pretty significantly. And they’re taking action.  

3. The cost of cyber insurance won’t necessarily erase the benefit.  

In October, we held a webinar with the Windermere Insurance Group. During the session, one Windermere panelist called attention to the fact that the benefit of cyber insurance can still outweigh the cost.  

He shared that a client with approximately 175 employees and $20 million in revenue has a $2 million policy for less than $7,000.  

(You can find our full discussion here and this particular insight around the 55:30 mark.) 

4. Cyber hygiene is a prerequisite for coverage.  

During the webinar I just mentioned, one panelist said the following…  

“I’m not going to be able to sell you an insurance policy if you don’t have good IT hygiene.”

Keep this in mind before you begin filling out policy applications.  

These aren’t my words—they’re coming from an executive vice president at an insurance organization. However, I do concur.  

In 2022, your insurer isn’t going to cover your business if it fails to follow key practices for mitigating risk. If you want to buy cyber insurance in 2022, I’d highly recommend shoring up any cybersecurity gaps.  

5. The right cyber hygiene practices may lower your premiums.  

Cyber hygiene isn’t just a prerequisite for coverage. The decisions you make in this area may impact how much you pay.  

We’re actually going through this with a client. We’re interacting with both the carrier and the CTO, figuring out which hygiene practices will lower premiums.  

Preparing your business to buy cyber insurance  

Will your business buy cyber insurance this year? 

If the answer is yes, securing coverage may take more than sending over an application.  

If you need to address risk so an insurance carrier will underwrite a policy for your business, we’re here to help.  

Reach out to us at or 704-464-3075 extension 3.      

Dedicated to IT security and productivity,  

– Steve

Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.