Having cyber insurance is a good idea if the costs make sense — it could be the difference between going out of business and staying afloat. But it shouldn’t be your first course of action.
The cost and occurrence of cyberattacks continue to rise.
According to the Identity Threat Research Center (ITRC), there were 17% more publicly reported data breaches through Sept. 30, 2021, than in all of 2020. IBM’s “Cost of a Data Breach Report” found the cost of data breaches increased from $3.86 million in 2020 to $4.24 million in 2021, the highest average total cost in the report’s history.
As the frequency, scale, and severity of cyberattacks grow, one industry now finds itself in a tricky situation: cyber insurance.
The Impact of Attack Surges on Cyber Insurance
In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn’t the only thing soaring.
At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.
If the rates continue to rise, companies might decide it’s not worth the cost. That is, if insurers continue to cover their industry.
How Insurers Are Handling the Changing Cyber-Threat Landscape
Aside from raising premiums, some insurers are reducing coverage for specific industries, including education and healthcare, limiting how much cyber coverage they offer or restricting contract terms. Some are extending standalone policies for cyber-risk rather than bundling it with wider coverage.
After 41% of cyber-insurance claims pertained to ransomware attacks in the first half of 2020, many insurance companies began capping how much they’ll reimburse for these attacks. In some cases, they’re shutting down reimbursements entirely. As of May 2021, global insurance company AXA will no longer provide ransomware crime reimbursement in France — a response to officials’ growing concerns over ransomware damage in the country after over $5.5 billion in total losses last year (second only to the US).
Insurers are also being more meticulous about what security controls prospective clients are using. Simply taking the company’s word for it is no longer good enough.
Along with making customers fill out a standard questionnaire, many insurers are performing stringent examinations to ensure certain key controls are in place. Multifactor authentication (MFA), securely tested backups, and network logging and monitoring are just a few important criteria.
Ultimately, insurance companies must determine if the risk is worth it. Read more: https://bit.ly/3BXyTNH