Cybersecurity Insurance Premiums Are On The Rise. Here's Why...

Cybersecurity insurance policy-holders experienced soft-market premiums for the last 15 years, but that is no longer the case as premiums soar. When loss ratios increase for insurance companies, the market starts to harden. According to S&P Global, the cybersecurity insurance market saw loss ratios of almost 73% in 2020.
So, for every dollar that was collected in cyber insurance in 2020, about 73 cents was paid out in claims. Normal insurance loss ratios across all industries typically fall in the 40-60% range.

Why the increase in cybersecurity insurance premiums over the past few years? The short version is that both the frequency and the cost of cyberattacks are increasing each year.


Ransomware Attacks Are Costing More Money

Cybersecurity coverage depends on the insurance provider, but often includes costs associated with a cyberattack such as:
  • Legal fees
  • Cost of experts to handle negotiations and/or regulatory issues
  • Loss of income due to business interruption
  • Credit monitoring services
  • Public relations fees for reputation repair
  • A ransomware demand (add-on feature in most cases)

One of the key reasons cybersecurity insurance premiums have sharply increased is that payouts for ransomware attacks rise each year.

In 2021, Colonial Pipeline experienced a ransomware attack that cost the company $4.4 million in cryptocurrency. This attack was so significant that it drove up the price of gas across the United States. Working with law enforcement, Colonial Pipeline was able to recover only $2.3 million.

The losses associated with a ransomware attack are not just the demand for payment. As alluded to in the coverage list for cybersecurity insurance, the loss in productivity and revenue along with the fallout from exposing your customers' data can result in a devastating blow to your reputation and bottom line.

In the case of a data breach or the inability to conduct business, public relations experts can help develop a crisis communications plan. This also requires your team to act fast, expend significant budget, and invest internal resources to coordinate with the PR team. Customers, the public, and internal staff need to know how the cyberattack impacts them and why they should still trust your organization.

When your data is being held hostage, you will need help from law enforcement and experts in cybersecurity negotiations — these services are not free and require internal resources as liaisons.

You should also be prepared to deal with major productivity losses if employees are locked out of their accounts. Even if access is restored, data loss could mean that your team is suddenly missing the resources they need to do their jobs, or that they need to complete a significant amount of rework.

Threat Actors Have More Access Points Than Ever

Another main reason that cybersecurity insurance premiums continue to rise is that cybercriminals are finding more ways to access vulnerable networks. This is leading to an increase in the frequency of cyberattacks as well.

As more industries adopt digital transformation — moving from primarily offline documentation and manual operations to working collaboratively online and implementing IoT — they are creating efficiencies at a potential cost of making their data vulnerable.

With pay-for-play access to the tools they need, cybercriminals can easily access vulnerable networks. At the same time, an unprecedented number of employers are equipping their teams to be able to work remotely. Hackers take advantage of remote workers when unsecured, unapproved wireless access points — also known as rogue access points or rogue devices — are being used by employees at home, in coffee shops, and in shared workspaces.

Ransomware Isn't The Only Financial Cyberthreat

Although the spotlight is often on ransomware attacks because of the large sums of money or cryptocurrency demanded, there are other ways that businesses are being targeted that are driving up loss ratios for cybersecurity insurance providers.

Business Email Compromise (BEC) incidents are also on the rise. BEC incidents can cost organizations thousands when hackers impersonate a trusted business or person to trick victims into sharing data or credentials so they can steal from them. This includes sensitive data or money, depending on the goal of the cyberattack.

Four turquoise icons illustrate what happens when an attacker sends an email to a company.

Forbes reported a BEC incident in which someone impersonated an email address to scam the finance department of a small town in New Hampshire. The incident resulted in the cybercriminal receiving $2.3 million in redirected transactions.

Risk Assessment is Evolving Along with Cybercrime

Third-party software vulnerabilities are another way that threat actors are accessing private networks, and it’s making risk assessment for insurance companies more difficult.

Whether it’s cybersecurity or home insurance, premiums are typically based on answers to a series of qualifying questions that assess risk. That risk is difficult to assess when a threat is part of a technology supply chain.

One of the largest supply chain attacks happened in 2020, when the US-based IT company SolarWinds was attacked. A domino effect occurred, infecting the computers of 33,000 unsuspecting customers with malware.

Because of these unpredictable risks, insurance carriers are asking for more robust documentation related to cybersecurity policies and incident planning. Some carriers are also reducing the coverage amount they offer, especially when it comes to ransomware attacks.

The Future of Cybersecurity Insurance

The one thing we know about the cybersecurity insurance landscape is that it continues to evolve as providers and experts learn more about the capabilities of cybercriminals.

According to Woodruff Sawyer, a US-based insurance provider that developed a Cyber Liability Looking Ahead Guide, governments are paying more attention and implementing laws to protect consumers impacted by cyberattacks on businesses and to prosecute those who are caught.

Privacy regulations including the EU’s GDPR, California’s CCPA, and Canada’s CASL have all made strides in protecting the privacy rights of consumers. Sanctions and reporting requirements instituted by governments have also helped reduce risk to consumers.

These regulations, however, are meant to protect and benefit consumers who may be exposed to a cyberattack as a result of doing business with your organization.

It falls to you to implement the controls and policies necessary to comply with these requirements. Business leaders need to take action now to ensure that their businesses and bottom lines are protected.

Don't let yourself be intimidated by cybersecurity insurance policies and premiums! Despite rises in cybercrime costs and threats, cybersecurity solutions and insurance are adapting to the evolving landscape and there are things you can do to protect your business and your data. Take stock of your security posture and steps to mitigate cyber risk. Not only could this reduce your premiums, it could reduce the likelihood of an attack in the first place. 

If you're looking for help with your security posture, we have added some more resources below for you to check out, or get in touch with one of our Bulletproof experts today through the form below. 

Microsoft Defend Against Threats with SIEM + XDR Workshop

Gain visibility into immediate threats across email, identity, and data and demonstrate how Microsoft Sentinel and Microsoft 365 Defender help organizations use intelligent security analytics and threat intelligence to detect and quickly stop active threats.


In today’s cybercrime gig economy, bad actors can purchase everything they need to bring your business to a standstill for less than $100. Our new eBook, What Business Leaders Need to Know About Cybersecurity in 2022, shares insights into today’s cybersecurity landscape and actionable tips for how you can protect your business.  


Why Bulletproof?


“Bulletproof is doing an exceptional job of listening to their customers and then going above and beyond to provide them with services to unlock all the value of their Microsoft Security investment. They are able to see the value of our Microsoft security platform and have built a managed SOC service that is driving significant customer value, allowing their customers to remain focused on their business.”

-Julie Jeffries, Modern Work & Security PMM Manager, Microsoft Canada
