Cyber insurance is a relatively new concept for many small and medium-sized businesses (SMBs). It was first introduced in the 1990s, initially intended for large enterprises, covering incidents such as data processing errors.
The scope of cyber insurance has evolved since then and current policies now encompass the costs associated with a data breach, including remediation of malware infections and compromised accounts.
The frequency and cost of data breaches are on the rise. In 2021, a record number of data breaches were recorded and in Q1 of 2022, breaches increased by 14% compared to the previous year.
Small businesses are also vulnerable to cyber attacks and have even more to lose, as 60% of them shut down within 6 months of a cyber incident.
As a result of growing online threats and the rising cost of breaches, the cyber insurance industry is continuously evolving. Businesses must stay informed of these changes to stay insured.
Here are some key trends in cyber liability insurance to be aware of:
The average cost of a data breach globally is $4.35 million, and in the U.S., it stands at $9.44 million. As these costs continue to rise, so does the demand for cyber insurance.
All types of companies are realizing the importance of cyber insurance and recognizing it as a critical component of their overall business liability coverage. Without adequate protection, a single data breach can quickly lead to the downfall of a business.
The increasing demand for cyber insurance is leading to more availability of policies and a wider range of policy options. Despite the growing awareness of the need for cyber insurance, many small businesses still remain uninsured. This is often due to a lack of understanding of the coverage and a belief that they are too small to be targeted by cyber criminals.
The increase in cyberattacks has led to a corresponding rise in insurance payouts, driving insurance companies to raise premiums. In 2021, cyber insurance premiums increased by 74%.
The increase in premiums is a result of rising costs from lawsuits, ransomware payouts, and other remediation measures. Insurance carriers aim to avoid losses on cybersecurity policies and are making them more expensive. However, despite the rising premiums, many companies are still choosing to invest in cyber insurance as a way to protect themselves against the financial impact of a data breach.
In addition, having cyber insurance signals to stakeholders that the company takes cybersecurity seriously and is proactive in its efforts to reduce risk. This can help to restore consumer trust and maintain brand reputation after a breach occurs.
Finding coverage for certain types of attacks is becoming more challenging. For example, some insurance carriers are dropping coverage for nation-state attacks, which are attacks carried out by a government.
Many governments have connections to hacking groups. In 2021, 21% of nation-state attacks targeted consumers and 79% targeted enterprises. Be cautious when reviewing insurance policies that exclude such attacks.
Another type of attack payout that is being dropped from some policies is ransomware. Ransomware attacks increased by 24% between Q1 and Q2 of 2022.
Insurance carriers are no longer willing to pay ransoms for unsecured clients and are excluding ransomware payouts from policies. This shift places a greater responsibility on organizations to have a robust backup and recovery strategy in place.
Securing cyber insurance is becoming increasingly challenging, as insurance providers are setting stricter eligibility criteria to minimize risk. They are particularly cautious with companies that exhibit subpar cyber practices. It’s crucial for organizations to have robust cybersecurity measures in place to meet these stringent requirements and increase their chances of being approved for coverage. This can include implementing multi-factor authentication for all devices, regularly updating software and hardware, and conducting regular security audits and assessments.
A cybersecurity assessment is a comprehensive evaluation of an organization’s security posture, designed to identify vulnerabilities and provide recommendations for remediation. This process typically involves reviewing technical controls, examining user practices, and conducting penetration testing. By proactively addressing any vulnerabilities and conducting regular cybersecurity assessments, organizations can not only increase their chances of being approved for cyber insurance but also stay informed of their exposure to threats and enhance their overall security posture.
Cyber insurance can protect your business from financial losses in the event of a cyber attack, but securing coverage can be a complex process. When applying for insurance, you’ll typically be required to fill out a detailed questionnaire that covers various aspects of your cybersecurity posture. It’s a good idea to enlist the help of an IT provider who can assist you with this and identify any areas where you can improve your security. By taking steps to reduce risk, you can lower your insurance premiums and better protect your business against cyber threats. Conducting a cybersecurity review before applying for cyber insurance can save you both time and money, while providing peace of mind.