As more organizations transition to the cloud, robust cybersecurity within cloud environments is more necessary than ever. Recognizing this need, Amazon Web Services (AWS) recently announced its new Cyber Insurance Program to help match customers with cyber insurance providers.

In this article, we’ll explain what the AWS Cyber Insurance Program is, how to use it to obtain cyber insurance coverage, and how improving your overall cybersecurity posture could help you qualify for a lower premium. Let’s dive in!

What is the AWS Cyber Insurance Program?

The AWS Cyber Insurance Program helps AWS customers enhance their security posture and expedites the process of purchasing cyber insurance through a catalog of approved companies in the AWS Partner Network (APN). Unlike traditional insurance processes that can take months to complete, AWS’s streamlined approach lets organizations secure cyber insurance coverage in as little as two business days.

This expedited timeline significantly reduces the administrative burden and accelerates the time to coverage for organizations. By minimizing the lengthy and complex underwriting procedures often accompanying insurance applications, AWS’s Cyber Insurance Program allows businesses to focus more on their core operations and cybersecurity readiness.

Leveraging the APN amplifies these benefits, as organizations can benefit from channel partners’ expertise to fulfill their specific security requirements, further strengthening their cybersecurity. More on that in a bit.

How to get started with the Cyber Insurance Program

AWS customers can find cyber insurance through the AWS Cyber Insurance Program by logging into their AWS portal to access the AWS Security Hub. From there, customers can generate a security posture report that contains crucial information for insurance companies.

By analyzing the security posture report, insurance providers gain valuable insights into the customer’s AWS environment, infrastructure, and current security posture, giving them a better understanding of the customer’s cybersecurity practices, vulnerabilities, and overall risk level. Based on the risk assessment, the insurer reviews the customer’s insurance coverage application, taking into consideration the information from the security posture report and any additional data provided by the customer to determine the level of risk associated with insuring the customer against cyber threats.

Once complete, the insurer designs the policy tailored to the customer’s needs and risk profile and calculates the premium based on the assessed risk.

Creating incentives for good cybersecurity hygiene

AWS and its partner network can also work with customers to improve their security posture, helping organizations with more robust security measures and lower risk levels qualify for lower premiums. Resilience is one such cyber insurance provider and AWS Cyber Insurance Program partner that does just that.

In an interview, Resilience Chief Risk Officer (CRO) Richard Seiersen told NerdRabbit that cyber insurers can incentivize good cybersecurity practices by limiting coverage available for certain types of cyber risk — a type of insurance policy limitation known as a sublimit. Policyholders can work to have sub limits removed for cyber risks such as ransomware, for example, by taking steps recommended by Resilience to improve their cyber defense.

“[A sublimit] creates a financial motivation to improve your security,” Seiersen said. “So the economic opportunity and technical details from a Quantified Cyber Action Plan (Q-CAP) can help here. These are the steps you can take to buy down your risk and, ideally, become more efficient as it relates to your insurance. It’s a capital-efficient way of improving security.”

The result is a net positive for policyholders. By incorporating financial incentives to promote good cyber hygiene, insurance providers can help organizations make sure they are adequately protected and maintain a secure environment for their digital assets and operations.

How organizations can maintain or lower their cyber insurance premiums

According to Baker Tilly, cyber insurance is becoming more expensive due to increased cybercrime. This leads to more claims filed with the provider, which, in turn, drives up premiums. Thankfully, there are steps Baker Tilly recommends organizations take to lower their overall risk profile and potentially maintain or lower their cyber insurance premiums year-over-year.

  1. Hire cybersecurity specialists. Working with a cybersecurity specialist is one of the best ways to lower cyber risk. Not only can specialists harden your systems and conduct pen tests, they can also develop a cybersecurity framework for your organization, encrypt sensitive data, create backup and recovery protocols, and train staff on cybersecurity best practices for day-to-day operations.
  2. Develop cybersecurity protocols. This doesn’t require hiring a full time cybersecurity specialist, but even hiring one on a contract basis for a few hours can make all the difference. Create an organizational cybersecurity framework and develop a response plan in the event of a cyberattack or data breach. Vetting vendors with access to sensitive information is a good idea as well as creating a process for employees to report phishing attempts.
  3. Use security tech. This can be as simple as requiring employees to enable multi factor authentication (MFA) on critical accounts, but it can also include other technology solutions like antivirus software, backup and recovery software, corporate VPN, network monitoring software, and security information and event management (SIEM) software.

Remember, these are just starting points. Cybersecurity is not a one-size-fits-all, so it really is best to consult an expert to develop tailored cybersecurity protocols to best protect your organization.

Bridging the cybersecurity skills gap

Due to increased demand and limited supply, hiring a cybersecurity specialist can be a challenge for many organizations. NerdRabbit can help bridge your cybersecurity skills gap by matching you with pre-vetted, highly qualified specialists ready to improve your risk profile. Contact us today to learn more about how we can help you engage top cybersecurity talent.

Scalable cloud talent, on demand

Hourly, contract, contract-to-hire, full-time—we've got you covered. Explore our cloud talent solutions today to get the help you need.

Headshot of Emma Brockwell.
About Emma Brockwell
Emma Brockwell is the former Partner Manager Intern at ReluTech, a Catalyst Tech Ventures company. She is currently pursuing a BS in marketing at the College of Charleston.

Related articles