
Understanding Cyber Insurance and Its Importance

  • The insurance industry is adapting to help businesses manage risk, with cyber insurance advancing rapidly. Cyber insurance serves as a crucial safeguard for businesses facing insider cybercrime and external threats like ransomware. Although cyber insurance has been a dependable safety net for years, with the rise in insider cybercrime and ransomware attacks, the landscape is quickly changing.

  • Before pursuing cyber liability coverage or negotiating your next policy renewal, it’s essential to understand the dynamics of the rapidly evolving market and assess how well your security measures will stand up to an insurance company’s scrutiny.

Rise of cyber insurance

  • The cyber insurance market is projected to reach $20.6 billion by 2025, from $7 billion in 2020, according to the latest estimates. This growth is a response to the surge in cyberattacks over recent years. In 2021, cyberattacks increased by 50% compared to 2020, far exceeding the expectations and budgets of businesses and insurers. The cost of cybercrime is also on the rise, anticipated to hit $10.5 trillion annually by 2025.

  • Ransomware currently constitutes 75% of all cyber insurance claims, a significant increase from 55% in 2016. Insurance Business reports that there has been no slowdown in ransomware activity, indicating it will remain a major threat in 2022 as attackers continue to exploit new vulnerabilities. One reason for the sustained increase in ransomware is businesses’ tendency to comply with ransom demands.

How do these factors influence your cyber insurance strategy?

  • As cybercrime and ransomware incidents escalate, insurance companies are unwilling to bear the brunt alone. Consequently, they are raising premiums. After underestimating risk in 2019 and 2020, some insurers have exited the cyber insurance market, allowing those that remain to meet rising demand while maintaining high premiums.

  • To mitigate the risks, insurance companies are also tightening cybersecurity requirements for coverage. They are closely examining how well businesses adhere to security best practices, such as access control, multi-factor authentication, and the principle of least privilege.

What is cyber insurance?

  • Cyber insurance is a policy provided by an insurance carrier designed to mitigate a business’s financial risk exposure by covering costs associated with damages and recovery following a data breach, ransomware attack, or other cybersecurity incidents. It can protect you from expenses related to investigations, forensics, compliance fines, lawsuits, and even extortion payments.

  • Previously, cyber insurance was merely an additional liability coverage that could be added to your standard business insurance. Traditional insurance policies typically only covered business interruptions or physical asset breaches caused by cyberattacks. However, modern cyberattacks can inflict much broader damage on businesses. In the insurance industry, this broader scope of potential damage is referred to as an “increased loss environment.”

The cyber insurance ecosystem

  • Similar to other areas of business insurance, the cyber insurance ecosystem comprises brokers, insurers, and re-insurers. Most businesses seeking cyber insurance begin by consulting with a broker who can gather quotes from various insurers. These insurers range from large, well-known companies with dedicated cyber divisions to smaller firms specializing solely in cyber insurance. Some focus on providing coverage for specific industries, such as healthcare, law firms, nonprofits, or retail.

  • Despite differences in size or specialty, all cyber insurers share a common challenge: navigating a fluid and ever-evolving market as they learn and adapt.

  • When shopping for cyber insurance, one typically does not interact directly with re-insurance companies, but they play a crucial role behind the scenes. Re-insurance, often described as “the insurance of insurance companies,” has become increasingly significant in the cyber insurance ecosystem over the past two years. According to Cyber Magazine, reinsurers offer cybersecurity support, share underwriting expertise, provide actuarial assistance, and help manage accumulation risk, all while facilitating pure risk transfer.

What does cyber insurance cover and not cover?

  • Cyber insurance typically offers two main types of coverage: third-party liability and first-party coverage. One can choose to purchase either or both.

  • First-party coverage protects your company against expenses incurred from a data breach or hacking incident.

  • Third-party coverage provides protection when a customer, vendor, partner, or other party sues you for allowing a data breach to occur.

  • Cyber liability policies may specify the types of incidents and damages they cover, such as “ransomware insurance” or “data loss insurance.”

  • It’s important to note that the offerings within the cyber risk sector are constantly evolving. Some providers are making significant changes to the scope and scale of their coverage.

Cyber insurers are eager for more data

  • Unlike other insurance sectors, cyber insurance lacks the extensive actuarial data needed to balance pricing with risk. While other areas of insurance have hundreds of years of data, cyber insurance only has about 15 to 20 years to draw from.

  • Assessing cyber risk requires specialized models. Insurers must blend data science, cybersecurity expertise, and underwriting skills to evaluate risk effectively. Many have established dedicated “cyber engineering” groups that conduct security risk assessments. These teams, composed of insurance underwriters and security experts, collaborate closely to determine market prices. It’s rare for experts from such diverse fields to work together in this way.

How does one prepare to apply for cybersecurity insurance?

Be prepared to answer detailed questions about your security controls and risk management practices. Cyber insurers will scrutinize your measures, such as regular phishing tests, web content filtering, and multi-factor authentication.

Cyber insurance for the long haul

  • Cyber insurance is continuously evolving, and your insurer may adjust coverage or premiums at renewal time. Providers might also require updates and new data throughout the policy term. You must maintain the same level of accountability and responsible practices that initially qualified you for the policy.

  • Whether you are considering cyber insurance for the short term or the future, you can take crucial steps now to strengthen your business’s cybersecurity practices. When building a cyber insurance checklist, prioritize privileged access as the foundation of the cybersecurity strategy.

Conclusion

  • Cyber insurance is a specialized policy designed to protect businesses from the financial fallout of cyber incidents such as data breaches, ransomware attacks, and other cybersecurity threats. It provides coverage for costs related to investigations, forensics, compliance fines, lawsuits, and even extortion payments. Given the increasing frequency and sophistication of cyberattacks, having cyber insurance is more crucial than ever.

  • It not only helps mitigate financial risks but also ensures that businesses can recover more swiftly and effectively from cyber incidents. As the cyber threat landscape evolves, so too must the cybersecurity practices and insurance coverage, making cyber insurance an essential component of a comprehensive risk management strategy.

This post is licensed under CC BY 4.0 by the author.