
Embracing And Learning From A Cyber Insurance Application

Melissa Blog Post Author 7min

According to its Internet Crime Report 2021, the Federal Bureau of Investigation received reports of potential losses exceeding $6.9B from cybercrime and nearly 4,000 complaints attributed to ransomware alone, costing $49M+ in financial loss. It’s no secret that ransomware and security incidents have increased drastically over the years with zero indication of decline.

Cybercriminal tactics have consistently evolved since the onset of the COVID-19 pandemic. The attacks target every industry and have increased in frequency, size, and sophistication. Cyber breaches continue to cause business disruptions, compromising a company’s reputation when customer data is at large – on top of significant financial loss. When cyber incidents occur, organizations scramble and struggle to remediate, and some never recover.

A new market trend is the rise of global cyber insurance. According to Vantage Market Research, the cyber insurance market is expected to grow over 24% during 2022-2028, reaching up to $28B by 2028.

In addition, as a result of the growing number of cyber incidents, some organizations are taking a proactive approach by investing in cybersecurity insurance to reduce the financial impact. 


Cybercrime will continue to rise 15% year over year.

Cybersecurity Ventures Report

 

What is Cyber Insurance?

Cyber insurance is relatively new to the broker’s portfolio. Most companies with existing insurance policies saw premiums increase by 30-50% with cyber insurance. However, premiums could be reduced if the companies provide proof that they have proper security controls in place via the cyber insurance application.  

Cyber insurance is like home or auto insurance; premiums will increase when the number of claims and the severity of losses rise. From 2015 to 2019, the average ransomware demand increased from $23k to $175k, and the average total incident cost rose from $118k to $275k during the same time. Rates can be extremely high relative to the protective measures that need to be put in place for the “if/when” of a breach. Even with the higher premiums, most companies aren’t adequately prepared for a breach with the right security plan, personnel, and technologies.


 

Underwriting Standards

Underwriting standards have increased, and more insurance providers are asking the hard questions and running audits on the answers to ensure accuracy; at the same time, the complexity of the questions continues to increase. In addition, insurance providers have specific language in their policies that clarifies how they will treat certain breaches and what would be excluded from coverage. Therefore, it’s essential to fully understand the coverage terms and conditions to avoid potential claim denials.

Many insurance providers will not provide coverage unless a standard level of security controls is in place. Some areas include access management, multi-factor authentication (MFA), education and privileged identity. In addition, the contracting limits have significantly changed from large lines of $10M to smaller $2M and $5M policies. Some customers would prefer having more coverage and higher limits. However, the premium costs would be extremely high, possibly more than they would be willing to invest. In the coming years, we expect to see even more change in the underwriting approach requiring companies to invest heavily in security controls. 

While insurance requirements are now driving security control demands, organizations still have reputational risk and customer trust to contend with, which may see them opt for even tighter measures. It comes down to asking the question, “What value do we place on our brand?” and assessing the reputational impact of a breach.


Cyber Insurance Application

When gaming organizations plan to invest in or renew an insurance policy, it’s becoming more common for insurance providers to send a cyber insurance application with the goal of better understanding the customer’s security posture and risks. With that, who is responsible for completing the application within a company? Is it the IT department, legal counsel, compliance, human resources, or senior executives? The answer: everyone. It’s everyone’s role to contribute and understand the importance of cybersecurity, what measures are currently in place, where the risks are, what the impacts are, etc.

No matter what role you play, everyone is impacted by cyber risks. Cyber risks aren’t just a technology problem; they are constantly evolving and must be aggressively managed across departments. Cyber insurance applications can be daunting and cause frustration, running seven pages or longer. The topics can include a series of questions relating to PCI, cybersecurity e-learning, managed security services, computer and network security, business continuity, security assessments, media, e-crime, etc.

Answering all the questions accurately is essential to ensure the right coverage is selected for the organization, reinforcing the importance of selecting the right stakeholders/decision-makers from various departments who can weigh in. If a cyber incident occurs, the goal is to recover and remediate it quickly. This response requires cross-departmental alignment, a security plan, the right insourced or outsourced team, and the proper technologies.

Organizations with no plan will be caught off-guard and left scrambling to pull together the pieces when a system interruption happens or if data is breached, incurring reputational, financial, and operational damage. Answering assessments accurately and having solid plans will mitigate the risk of a claim denial.


Evolving State and Federal Rules & Regulations

It’s not just insurance requirements that are evolving. As we know, state and federal rules and regulations are constantly evolving and becoming more stringent as cybercrime continues to skyrocket. Every organization must comply with an increasing set of regulations and standards. Organizations that are proactive and have a plan will be better equipped to mitigate risks and prevent breaches in the future.

The Strengthening American Cybersecurity Act, which was passed by the Senate in March 2022 and is currently awaiting President Biden’s approval, is one change that organizations will be required to adhere to. This new law will require that all breaches and ransomware payments deemed critical to the United States’ infrastructure be reported to the Department of Homeland Security within 72 hours, and within 24 hours of a payment for a breach.

In addition, state regulators are requiring both casinos and gaming suppliers in sports wagering and iGaming to complete security assessments and security control reviews. As a result, some gaming customers are starting to build their security plans to the strictest standards. These higher standards ensure they are compliant across all jurisdictions in which their business operates.

Another example is that the State of Nevada revised its privacy laws in 2021, which now stipulate that companies cannot sell personal data they collected. This requirement allows customers to opt out of having their data sold to third parties. Customers have the right to know what personal information is being collected, how/where/how long it is being stored, and who can access the data collected.

Since Europe brought forward GDPR, many other countries have followed in its footsteps and enhanced their privacy standards. Has your business integrated these changes into your operations?

What can you do to secure your gaming organization properly?

  • Talk to your peers. Learn what others are doing in the industry, get educated, and ask for help!
  • Start investigating whether cyber insurance is something your organization wants to invest in. While cyber insurance offers protection for financial loss, it’s not a silver bullet in cyber defense. Organizations must be diligent about improving their security defense, and cyber insurance can be helpful if you still suffer an attack.
  • Implement multi-factor authentication (MFA) ASAP if you haven’t already done so.
  • Do regular back-ups consistently and test them to ensure they work. Depending on the maturity of the tools and solutions, there could be malicious information in your backup if it’s not maintained.
  • Offer cybersecurity training courses to your employees and test them regularly. If you don’t have cybersecurity training courses, find one that is user-friendly and engaging for your employees. Consider using a managed education service so your IT teams can focus on what is most important to the business. You can turn your most valued assets into cyber defenders!
  • Complete cybersecurity assessments regularly (e.g., Ransomware Security Posture Assessments, etc.) and do quarterly scanning.
  • Implement proper network segmentation and have an independent security company check to ensure it was set up and is still segmented correctly.
  • Develop an incident response and recovery plan.
  • Consider implementing endpoint protection and leveraging best-of-platform solutions to ensure you are covered end-to-end.

 


A Guide For How Gaming Organizations Can Tackle I.T. and Security Hurdles

Today’s digital landscape has changed how the gaming industry operates, introducing new platforms, devices, and even business models. With the rise of online gaming and the exponential popularity of smartphones, gaming organizations need to adapt, pivoting with consumer behaviors. But this technological shift has also opened the door to more cybercrime than ever.


Many key players in the industry aren’t fully aware of how cyber threats have grown, both in severity and frequency. They may have IT staff in place to respond to threats, but no way of knowing if their defenses are really able to handle new challenges. 


Learn how to strengthen your defenses against modern cybercriminals with this eBook.

 


Why Bulletproof?

BULLETPROOF CREDENTIALS

  • Microsoft 2021 Global Security Partner of the Year Winner.
  • Microsoft Solutions Partner for Modern Work + Security, specializing in Threat Protection and Cloud Security, and Digital & App Innovation Azure.
  • Decades of technology, compliance, and security knowledge serving various industries of all sizes.
  • We work with top gaming organizations, lotteries, U.S. Tribal Nations, government and local organizations, etc. across the globe.
  • Users on six continents trust Bulletproof to strengthen their IT & security posture.
  • Two state-of-the-art 24/7 Security Operations Centres (SOCs) in North America.
  • Our security professionals hold industry-recognized certifications, including ISO/IEC 27001, WLA-SCS, CISSP, CISA, CEH, CPT, OSCP, and PCI-QSA.
  • Awarded GSA Multiple Award Schedule (MAS) and holder of Highly Adaptive Cybersecurity Services (HACS).
  • Member of the Microsoft Intelligent Security Association. 


“These remarkable partners have displayed a deep commitment to building world-class solutions for customers—from cloud-to-edge—and represent some of the best and brightest our ecosystem has to offer.”

-Rodney Clark, Corporate VP, Global Partner Solutions, Channel Sales and Channel Chief, Microsoft
