One way that business owners in Fair Haven and other parts of the country protect themselves from catastrophic losses is through insurance.
Most businesses carry business liability insurance and property insurance, and may also carry vehicle insurance if applicable. For corporations that depend largely on a leader like a CEO, there is also a “Key Person” life insurance policy.
One more type of insurance that companies have increasingly found necessary is cybersecurity liability insurance.
Cyber liability insurance provides a safety net in the case of a cyberattack, such as ransomware, a data breach of sensitive information, or an insider attack due to credential compromise. For instance, if you own a cannabis business, you may need to consider getting a cannabis cyber liability insurance policy to protect your business.
This type of insurance can prevent financial ruin if a small business falls victim to a cyberattack. Of surveyed small businesses, 47% have had at least one cyberattack within the past year.
Some common costs of cyberattacks include:
- The average ransomware recovery cost is now $1.85 million
- The average cost of credential theft rose 65% in the last year to $4.6 million
- The average cost of a data breach is at $4.24 million, an all-time high
Cybersecurity insurance can cover a wide range of costs associated with a cyberattack, including:
- Cost to restore data & computer systems
- Forensic IT services
- Costs for reputation damage control
- Legal defense costs
- Lost business during downtime
- Cost of the ransom paid to a ransomware attacker
However, due to the rise in cybercrime, the insurance industry has started pulling back on coverage and increasing premiums and IT security requirements for those applying for the insurance.
This started at the end of 2021 and will most likely continue this year as insurance carriers find that certain types of far-reaching attacks are too much of a risk for them to cover any longer.
What this means is that companies will have less of a safety net with a cyber liability insurance policy than they used to. That safety net will also cost them more.
This makes it more important than ever to ensure that your cybersecurity protections are adequate to defend your IT environment against attack and are kept updated to match the latest threats.
Ways That Cybersecurity Insurance is Changing
Dropping Coverage for Ransomware Payments
As many as 83% of ransomware victims pay the ransom to the attackers. Even those with a backup of their data will pay if they think it will get them back up and running faster and they know that the insurance company will cover the costs.
Insurance companies are beginning to find that it’s no longer profitable for them to cover ransomware payments. One of the first carriers to drop this from its policies is AXA, which is no longer covering the cost of the ransom.
Many victims could have avoided having to pay a ransom if only they had regularly tested their backups’ data restoration capabilities.
Eliminating Coverage for “Nation-State” Attacks
Major insurance carrier Lloyd’s of London recently made a big announcement that significantly reduces the protection of cybersecurity insurance. The firm announced that it would no longer cover data breaches related to attacks attributed to “nation-states.”
Cyberwarfare is carried out over the internet all the time and in multiple ways, and some countries often use state-sponsored hacking groups to release malware like ransomware and spyware.
Many common attacks that end up hitting small and large businesses, not just other governments, can be traced back to these state-sponsored groups. This could mean that a policy you think covers an attack might not pay out a dime because the attack is connected to a nation-state.
The things that insurance carriers are willing to cover will cost you more in the future. As cyberattacks are increasing in volume and sophistication, carriers feel the need to raise premiums to reduce their risk.
During the first quarter of 2021, policies that covered ransomware payments saw double-digit increases in premiums each month of that quarter.
Increasing Cybersecurity Requirements for Policy Approval
You can expect it to be harder to qualify for cybersecurity insurance in the coming months. For example, companies that don’t have multi-factor authentication in place might not even be considered for coverage.
Insurance carriers are tired of paying to cover breaches that were completely avoidable through good cybersecurity hygiene.
Expect to see more stringent requirements, including:
- Cloud access security
- Advanced threat protection and endpoint detection and response (EDR)
- Privileged credential policies
- Documentation of third-party data privacy compliance
- Mobile device management
- Patch and update monitoring and management
- Next-gen antivirus/anti-malware
- Anti-phishing protection, like email and DNS filtering
- And more!