
Cybersecurity Insurance Premiums Are On The Rise. Here's Why...

Cybersecurity insurance policyholders experienced soft-market premiums for the last 15 years, but that is no longer the case as premiums soar. When loss ratios increase for insurance companies, the market starts to harden.
 

According to S&P Global, the cybersecurity insurance market saw loss ratios of almost 73% in 2020. So, for every dollar that was collected in cyber insurance in 2020, about 73 cents was paid out in claims.

This corrected slightly in 2021, with the direct loss ratio decreasing to 65.4%, but premium prices show no sign of slowing down.


Cybersecurity insurance is a policy product available through most business insurance providers that covers the costs incurred as a result of a cyberattack.

Ransomware Attacks Are Costing More Money

Cybersecurity coverage depends on the insurance provider, but often includes costs associated with a cyberattack such as:
 
  • Legal fees
  • Cost of experts to handle negotiations and/or regulatory issues
  • Loss of income due to business interruption
  • Credit monitoring services
  • Public relations fees for reputation repair
  • A ransomware demand (add-on feature in most cases)

One of the key reasons cybersecurity insurance premiums have sharply increased is that payouts for ransomware attacks rise each year.

In 2021, Colonial Pipeline experienced a ransomware attack that cost the company $4.4 million in cryptocurrency. This attack was so significant that it drove up the price of gas across the United States. Working with law enforcement, Colonial Pipeline was able to recover only $2.3 million.

The losses associated with a ransomware attack are not just the demand for payment. As alluded to in the coverage list for cybersecurity insurance, the loss in productivity and revenue, along with the fallout from exposing your customers' data, can result in a devastating blow to your reputation and bottom line.

In the case of a data breach or the inability to conduct business, public relations experts can help develop a crisis communications plan. This also requires your team to act fast, expend significant budget, and invest internal resources to coordinate with the PR team. Customers, the public, and internal staff need to know how the cyberattack impacts them and why they should still trust your organization.


When your data is being held hostage, you will need help from law enforcement and experts in cybersecurity negotiations — these services are not free and require internal resources as liaisons.

You should also be prepared to deal with major productivity losses if employees are locked out of their accounts. Even if access is restored, data loss could mean that your team is suddenly missing the resources they need to do their jobs, or that they need to complete a significant amount of rework.

Threat Actors Have More Access Points Than Ever

Another main reason that cybersecurity insurance premiums continue to rise is that cybercriminals are finding more ways to access vulnerable networks. This is leading to an increase in the frequency of cyberattacks as well.

As more industries adopt digital transformation — moving from primarily offline documentation and manual operations to working collaboratively online and implementing IoT — they are creating efficiencies at a potential cost of making their data vulnerable.



With pay-for-play access to the tools they need, cybercriminals can easily access vulnerable networks. At the same time, an unprecedented number of employers are equipping their teams to be able to work remotely. Hackers take advantage of remote workers when unsecured, unapproved wireless access points — also known as rogue access points or rogue devices — are being used by employees at home, in coffee shops, and in shared workspaces.

Ransomware Isn't The Only Financial Cyberthreat

Although the spotlight is often on ransomware attacks because of the large sums of money or cryptocurrency demanded, there are other ways that businesses are being targeted that are driving up loss ratios for cybersecurity insurance providers.

Business Email Compromise (BEC) incidents are also on the rise. BEC incidents can cost organizations millions, representing close to 60% of the top five internet crime losses in 2021, according to Microsoft. In a BEC attack, hackers impersonate a trusted business or person to trick victims into sharing data or credentials so they can steal from them. What is stolen may be sensitive data or money, depending on the goal of the cyberattack.


Forbes reported a BEC incident in which someone impersonated an email address to scam the finance department of a small town in New Hampshire. The incident resulted in the cybercriminal receiving $2.3 million in redirected transactions.

Risk Assessment is Evolving Along with Cybercrime

Third-party software vulnerabilities are another way that threat actors are accessing private networks, and it’s making risk assessment for insurance companies more difficult.

Whether it’s cybersecurity or home insurance, premiums are typically based on answers to a series of qualifying questions that assess risk. That risk is difficult to assess when a threat is part of a technology supply chain.

One of the largest supply chain attacks happened in 2020, when the US-based IT company, SolarWinds, was attacked. A domino effect occurred, infecting the computers of 33,000 unsuspecting customers with malware.

Because of these unpredictable risks, insurance carriers are asking for more robust documentation related to cybersecurity policies and incident planning. Some carriers are also reducing the coverage amount they offer, especially when it comes to ransomware attacks.


The Future of Cybersecurity Insurance

The one thing we know about the cybersecurity insurance landscape is that it continues to evolve as providers and experts learn more about the capabilities of cybercriminals.

According to Woodruff Sawyer, a US-based insurance provider that developed a Cyber Liability Looking Ahead Guide, governments are paying more attention and implementing laws to protect consumers impacted by cyberattacks on businesses and to prosecute those who are caught.

Privacy regulations including the EU’s GDPR, California’s CCPA, and Canada’s CASL have all made strides in protecting the privacy rights of consumers. Sanctions and reporting requirements instituted by governments have also helped reduce risk to consumers.

These regulations, however, are meant to protect and benefit consumers who may be exposed to a cyberattack as a result of doing business with your organization.

It falls to you to implement the controls and policies necessary to comply with these requirements. Business leaders need to take action now to ensure that their businesses and bottom lines are protected.

Don't let yourself be intimidated by cybersecurity insurance policies and premiums! Despite rises in cybercrime costs and threats, cybersecurity solutions and insurance are adapting to the evolving landscape, and there are things you can do to protect your business and your data. Take stock of your security posture and take steps to mitigate cyber risk. Not only could this reduce your premiums, it could also reduce the likelihood of an attack in the first place.
