Getting cyber insurance right for your business
The costs of cybersecurity insurance are rising, but so are the liabilities. Here’s how to get the right coverage without breaking your budget.
Getting cyber insurance right for your business
By now, most organizations understand that it is not a matter of if they’ll suffer a cyber incident, but how and when it will happen.
If your organization is like most, you have built a cybersecurity system designed to prevent attacks or mitigate them when they happen. A complete security program should also include cybersecurity insurance, for a number of reasons. However, acquiring the right policy for your needs has become more challenging than it once was.
“As demand for cyber insurance has increased, so has uncertainty about the market,” reports the U.S. Government Accountability Office (GAO).1 “The uncertainty about future threats also plays a role, and insurers have become more selective about who and what gets covered.”
The more you know about cyber insurance, the better your chances of breaking through the log jam and getting the right type of coverage—and without going over budget.
How cybersecurity insurance enhances a strong security system
Cybersecurity insurance is meant to reduce financial losses in the aftermath of a cyberattack. But it also ensures that your organization has certain standards of risk prevention in place. Your coverage depends in large part on whether or not your security system meets criteria, based on your organization’s needs. The stronger your security program, the better your insurance coverage.
If you do business over the internet or your company stores any type of sensitive information, you need to think about cyber insurance. Again, your insurance needs will depend on the amount of risk your organization faces—and all types of industries are seeing a rise in risk, largely due to ransomware attacks. The banking industry alone saw a 1300% increase in ransomware attacks in 2021.2
Rising costs of cybersecurity insurance
Growing risks are forcing an increase in the cost of cyber insurance. “Industry sources said higher prices have coincided with increased demand and higher insurer costs from more frequent and severe cyberattacks,” according to the GAO report. Rates increased by 89% in the last quarter of 2021, a Risk Strategies study3 found, due to insurance carriers taking corrective action because of the rising numbers, costs of attacks, and stricter compliance regulations.
“The higher-risk environment has resulted in written premiums for all cyber policies jumping to $4.83 billion in 2021, a 74% year-over-year increase from $2.77 billion in 2020,” S&P Global Market Intelligence reports.4 And rates have continued to climb throughout 2022.
This is forcing insurance companies to rethink the coverage they offer. Some agencies are no longer doing blanket coverage for companies, but rather focusing on specific risks. Lloyd’s of London, for example, is phasing out coverage for state-sponsored attacks.5
Finding coverage for ransomware attacks has also gotten more difficult, as carriers consider dropping or decreasing the level of coverage. Those that do continue to offer it are pricing it so high that it may not be cost effective for companies, especially SMBs, to buy in.
Cybersecurity insurance can draw cybercriminals
Cyber insurance is supposed to offer a safety net for organizations—and depending on the coverage, it will help a victim manage the expenses accrued during the aftermath of a cyber incident.
But having cyber insurance can actually make your organization a bigger target for a cyberattack. Threat actors know that insurance will often cover the costs of a ransomware attacks, so insured organizations are more likely to pay the ransom. And if they do get paid, you can be sure that they will return.
Even with insurance, you need a strong cybersecurity program
For your most valuable assets, cyber insurance is a must. Even with the rising costs, it will be even more costly—including possible bankruptcy—if you’re hit with a cyberattack and do not have that financial safety net.
You won’t qualify for cybersecurity insurance without a strong security program in place that includes regular audits and testing, best practices like multi-factor authentication (MFA) and least privilege policies, and ongoing security awareness training.
Yes, cyber insurance is expensive and harder to get. But, keep in mind that the true protection of your business comes from the cybersecurity program you have in place.
1 “Rising Cyberthreats Increase Cyber Insurance Premiums While Reducing Availability,” U.S. Government Accountability Office, gao.gov.
2 “Attacks Surge in 1H 2021 as Trend Micro Blocks 41 Billion Cyber Threats,” Trend Micro, trendmicro.com.
3 “State of the Market 2022 Report,” Risk Strategies, risk-stategies.com.
4 "Insurers revisit cyber coverage as demand, premiums spike," S&P Global Market Intelligence, spglobal.com.
5 "State backed cyber-attack exclusions," Lloyd's, lloyds.com.
More from The Sphere Blog
Helping to identify the intersection of people, process, tools and budget for optimal risk control.