Cybersecurity Insurance

May 17, 2023 by
Mark Nash

Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media. Since then, the policies for this type of liability coverage have changed. Today's cyber insurance policies will cover the costs for things like:

  • Recovering compromised data
  • Repairing computer systems
  • Notifying customers about a data breach
  • Providing personal identity monitoring
  • IT forensics to investigate the breach
  • Legal expenses
  • Ransomware payments

Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches, and in the first quarter of 2022, breaches were up 14% over the prior year. No one is safe; even small businesses find they are targets and often have more to lose than larger enterprises. About 60% of small businesses shut down within six months of being the victim of a cyberattack. The increase in online danger and rising costs of a breach have led to changes in the cybersecurity insurance industry. Businesses need to keep up with these trends to ensure they can stay protected. Here are some of the cyber liability insurance trends you need to know about.

Demand is Going Up

The global average cost of a data breach is currently $4.35 million. In the U.S., it's more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance. Companies of all types are realizing that cyber insurance is as essential as their business liability insurance. Without that protection, they can quickly go under in the case of a single data breach. With demand increasing, look for more availability of cybersecurity insurance and more policy options, which is good for those seeking coverage.

Premiums are Increasing

With the increase in cyberattacks has come an increase in insurance payouts, so insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%. The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren't willing to lose money on cybersecurity policies, so those policies are getting more expensive at the same time as they are more necessary.

Certain Coverages are Being Dropped

Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for β€œnation-state” attacks. These are attacks that come from a government, as many governments have ties to known hacking groups. In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises, so if you see that an insurance policy excludes these types of attacks, be very wary. Another type of attack payout that is being dropped from some policies is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%. Insurance carriers are tired of unsecured clients relying on them to pay the ransom, so many are excluding ransomware payouts from their policies. This puts a bigger burden on organizations, so they must ensure that their backup and recovery strategy is well planned.

It's Harder to Qualify

Just because you want cybersecurity insurance doesn't mean you'll qualify for it. Insurance carriers aren't willing to take chances, especially on companies with poor cyber hygiene. Some of the factors that insurance carriers look at include:

  • Network security
  • Use of multi-factor authentication
  • BYOD and device security policies
  • Advanced threat protection
  • Automated security processes
  • Backup and recovery strategy
  • Administrative access to systems
  • Anti-phishing tactics
  • Employee security training

You'll often need to fill out a lengthy questionnaire when applying for insurance, including questions about your cybersecurity practices. It's a good idea to have your IT provider help you with this. As you review the questions, your IT partner can help identify areas where your cybersecurity can be enhanced. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums. So, it pays to do a cybersecurity review before applying for cyber insurance. You can save time and money while fortifying your defenses against cyberattacks.