Cyberattacks are expensive. From state fines to data restoration to breach notifications and credit monitoring, a single cyberattack can siphon your revenue.
According to IBM’s “Cost of a Data Breach Report 2025,” the worldwide average data breach cost was $4.44 million in 2024, down for the first time in years. However, costs in the U.S. surged to $10.22 million, 9% higher than in 2023. Regulatory fines and detection and escalation costs contributed to the increase.
Eighty-six percent of IBM’s 2025 survey respondents experienced a data breach that disrupted their ability to process sales orders, provide customer services and keep their production lines running.
Add a tarnished reputation and lost customers to the mix, and you could have bankruptcy-level expenses without proper planning and protection. Cybersecurity and cyber liability insurance are necessary components of every risk mitigation plan.
Cyber liability insurance applications
Cyber liability insurance applications ask about network and data security, vendor and privacy controls, and response planning. You might not need to hit every item on a cyber application, but it’s good to aim high on prevention measures.
Think of cybersecurity in terms of layered protection. The more complex your operations and networks are, the more layers you’ll need to stay safe. A well-planned cybersecurity strategy can strengthen your cyber application.
The following highlights some measures you can take to increase your cybersecurity resilience.
Use preventive AI for cybersecurity automation
AI and cybersecurity automation can reduce network breach costs by identifying intruders quickly. According to IBM’s report, cybersecurity teams using robust AI and automation shortened their breach detection times by 80 days and lowered their average breach costs by $1.9 million compared to organizations that didn’t use these AI detection solutions.
Even so, many companies continue to rely on traditional cybersecurity solutions like web application firewalls (WAFs) as part of their defense strategy. WAFs use a signature database to compare incoming web traffic against known patterns of cyberattacks. However, these solutions have limitations and may fail to detect attacks if the signature database doesn’t contain a specific pattern.
Conversely, AI-based cybersecurity systems detect evolving threats by analyzing attack anomalies dynamically, in real time. Cybercriminals also leverage AI tools to create increasingly sophisticated attacks that morph in real time to evade detection. This race between attackers and defenders highlights the challenge to keep pace with evolving cybersecurity strategies.
Safeguarding artificial intelligence
The proliferation of artificial intelligence (AI) tools has surfaced new risks. Due to its conversational nature, it’s easy to forget that AI is an IT tool that draws from data stores, like any computer software.
Oversee your generative AI tools and create use policies
If you’ve adopted generative AI, secure it with best practices and governance controls:
-
Use data security controls, like encryption, access management and compliance monitoring, to protect AI models from misuse and data leaks.
-
Use cybersecurity to scan for vulnerabilities. For example, you could engage an automated AI program to patrol the cybersecurity of your generative AI systems.
Maintain strict system integrations and access policies to guard against malicious inputs or outputs. Hackers can exploit chatbots or source databases used to train generative AI to inject corrupt data. This can result in incorrect data outputs.
You can guard against data poisoning, model evasion, and model extraction with automated detection and response programs. Implementing a response playbook for all types of cyber threats is also important. More on this below.
Visit the National Institute of Standards and Technology’s Trustworthy & Responsible AI Resource Center for information on managing AI risk.
Use oversight to prevent AI shadow data risks
Companies are adopting AI at high rates, but not creating oversight and governance programs to contain it.
Shadow AI is when employees use unsanctioned software that flies under the company’s radar. If your employees use generative AI tools like ChatGPT to write reports, crunch data or create programming code, they could accidentally expose sensitive data while using the tool. Since there’s no official oversight, your cybersecurity team won’t monitor it. Shadow AI can expose sensitive data internally and externally, making it a treasure trove for hackers.
IBM’s report revealed that of the organizations that suffered a cyberattack, 20% involved shadow AI. Notably, 97% of organizations reporting an AI-related breach involved AI systems without proper access controls. Sixty-three percent reported having no active governance policy. Even when businesses reported having an AI governance policy, most didn’t have a formal approval process for AI deployments. Only 34% of businesses with an AI policy reported regularly auditing for unsanctioned AI use.
Insurance companies evaluate your operational risk
An insurance company will scrutinize your cybersecurity based on your operational risk. This involves the type of data you store, transact and process.
For example, regularly processing credit cards is riskier than rarely processing them. Maintaining client medical files on a cloud server connected to application programming interfaces (APIs) is more complex than having an encrypted internal database with limited external access.
Even if you’ve outsourced your cybersecurity to a third party or cloud vendor, you’re still liable for the data you collect. The IBM report revealed that 30% of breaches involved data stored across multiple environments, which also cost the most at $5.05 million on average. Public clouds came in second, representing 23% of breaches, while private clouds came in last at 19%.
The more points of entry you have in your network, the more security you need. That’s why insurance companies consider security measures like MFA so important.
Add multifactor authentication
Adding multifactor authentication (MFA) to your cybersecurity protocols can help prevent cyberattacks no matter where your data resides. MFA requires anyone attempting to enter your network to provide their user credentials and one or more other factors to verify their identity. Typically, the second factor is a code sent to another device, such as a cellphone, but it can also be biometric data, like a fingerprint.
MFA is a cost-effective deterrent to unauthorized access for many business operations. Ideally, you should be able to answer “yes” to these questions:
-
Employees use a website or cloud-based MFA service to access their email.
-
All employees, contractors and third-party service providers with remote network access use MFA.
-
MFA is required to access and run network and data backups.
-
MFA is required for anyone accessing firewalls, routers, switches or other infrastructure.
-
Extranets, intranets, networks and other endpoints or servers require MFA.
Any “no” answers will require an explanation. Too many “no” responses indicate lax cybersecurity and could result in higher premiums or an application denial.
Pro tip: The insurance company is looking for a rounded approach to MFA, meaning you require it across internal and cloud servers. These include the APIs you use. But don’t fib to get a favorable rate. After a cyberattack, the insurance company will conduct a forensic investigation. They’ll deny your claim if you’ve been untruthful about your cybersecurity protocols.
There are also cybersecurity measures beyond MFA to bolster your cyber insurance application.
Limit your account access
Limit access to admin accounts and lock down access to sensitive data. This prevents hackers from exploiting entry-level accounts to crawl your system for higher-level targets. Even if they dupe an employee in a phishing attack, they’ll have less to work with once they access the account.
Pro tip: When you get to the network security portion of the cyber application, you’ll encounter questions about your controls. Anything that allows someone to create accounts, manipulate emails, control operations or deploy things on a network should be highly guarded. Restrictions are smart.
Segment your network
Segmenting your networks can help cordon off and isolate intruders after they breach your systems.
Think of a cyberattack like a building fire. After a fire starts, it travels across surfaces looking for fuel to burn and grow. But if the building is sectioned off with fire doors, you can slow the spread of the fire and limit the damage.
Similarly, when you divide your network into subnetworks, you can contain the damage the breach causes. But without network segmentation, it could rip through your entire system like an inferno.
Establish multilevel defense tools
Your cyber insurance application will ask about multilevel defense tools. These serve different but complementary roles in a layered intrusion detection strategy:
-
Intrusion detection systems (IDSs) watch the perimeter for suspicious activity and send alerts.
-
Intrusion prevention systems (IPSs) guard your system, spot intruders and stop them.
-
Data loss prevention (DLP) tools contain your sensitive information and hide it if an intruder gets in.
Intrusion detection systems
An IDS is like a security monitoring system. It monitors your network, scanning for suspicious activity or potential threats. If it finds something, it alerts your IT team. An IDS doesn’t act. It just reports.
Intrusion prevention systems
An IPS detects threats and blocks them. It notifies the IT team and launches a response to deter the intrusion.
Data loss prevention tools
DLP tools automatically detect when someone tries to access data. If an unauthorized or unrecognized user attempts to access, transfer or print data, the DLP tool encrypts it and stops the transfer.
Modern IPS and DLP platforms use AI and machine learning to refine their performance and get smarter over time.
Create an incident response plan
An incident response plan (IRP) is a written document that addresses how you’ll respond after a cyberattack. It helps you reduce downtime and keep your business running. It can be part of your general disaster response and business continuity plan or a stand-alone document. It clarifies roles and responsibilities before, during and after a cyberattack. Include a list of people to contact during a cyberattack to avoid confusion.
After you’ve solidified your plan, test it. Then, train your employees on it and implement a cyber awareness training program for them.
Pro tip: Your IT recovery plan should include an inventory of your business-critical hardware, software and data. It should list where you back up your data, how often you back it up, and the critical software and hardware required to access it. Your cyber insurance carrier wants to see that you’ve planned to protect your business and are ready to pivot after a cyberattack.
Make a plan
Getting cyber liability coverage can be challenging if you don’t have a documented cybersecurity and risk plan. You’ll need to reapply for cyber coverage each year, so maintain and improve your programs. As your security layers become more robust, you could reap the benefits of better coverage, lower premiums or both.
