Over the last few years, cyber threats have surged and regulations have evolved, both of which have impacted the price and availability of cyber insurance. After the more recent and costly attacks, including SolarWinds and Colonial Pipeline, insurers have been increasing premiums, reducing coverage, and mandating new requirements. Experts warn that if things continue as is, many organizations will either not qualify or won’t be able to afford cyber insurance as early as 2023.
Cyber insurance typically covers liability associated with a ransomware attack or data breach. However, given the rise in cyber attacks, insurers are taking a second look at a company’s cybersecurity policies and are now restricting levels of coverage and heightening qualifications based on these policies. Some companies that qualified in past years are now being turned down for renewals. Others don’t qualify at all.
The insurance industry, like any other industry, needs to be profitable. To do this, insurers must limit risk. As a result, CISOs are being put through rigorous examinations in which they must defend their company’s security posture. Carriers are requiring proof of endpoint protection, continuous monitoring, network segregation and much more before coverage is even considered, and that’s if a company can even afford the coverage. According to the Wall Street Journal, U.S. cyber insurance prices increased 79% from a year earlier, after more than doubling in each of the preceding two quarters.
Mind the Gap
A recent study conducted by BlackBerry Limited and Corvus Insurance, titled the BlackBerry Cyber Insurance Coverage study, found that most businesses are concerned about ransomware attacks and demands. Only 19 percent of those surveyed have ransomware coverage above $600,000, which creates a substantial gap since a typical data breach costs the average organization $2.4 million, according to Forrester.
Small- to medium-sized businesses are especially vulnerable. It’s been a tough, uphill battle for some after the pandemic. Add to that the increase in cyber attacks and increased cyber insurance costs. Some may not survive.
But larger corporations are suffering as well. Some may need to work with a variety of insurance carriers to achieve the level of coverage they need, which can substantially increase insurance costs. Add to this the required cybersecurity software and personnel to manage it, and most find that cybersecurity costs are spiraling out of control.
The BlackBerry study also found that many businesses reported having inadequate coverage: 37% reported that their coverage excluded ransomware payment demands, and 43% are not covered for other costs, such as court fees.
5 Ways to Combat Rising Cyber Insurance Premiums
The only answer seems to be putting the required software, personnel, policies and procedures in place in an attempt to reduce your cyber risk and obtain coverage at the lowest premium possible. To do this, consider implementing the following measures to improve your company’s security posture:
- MFA: Stolen passwords account for a large number of cyber attacks. Multifactor authentication should be used by all employees on all software platforms that provide it. Your account is more than 99.9% less likely to be compromised if you use MFA.
- Continuous monitoring: Employ software that continuously monitors all websites, applications and IP addresses, which are all particularly vulnerable to cyber attacks. This type of software can cross-check against aggregated threats and automatically alert you to a potential breach.
- Third-party risk management: Managing the risk your vendors can potentially introduce is nothing new, but the ways in which you can do it are. Gone are the days of manual spreadsheets. Now, AI-infused platforms, such as ProcessBolt, automate the process, reducing the time it takes to analyze vendor assessments by up to 80%.
- Data management: Data equals money to hackers, and simple steps can prevent or lessen the effects of a cyber attack. Limit employee and vendor access to only those systems deemed necessary, and segment networks so that a hacker cannot gain access to your entire environment. Show carriers that you have a disaster recovery plan in place to minimize data loss if a breach does occur.
- Follow a framework: By adhering to a security framework, such as NIST or HIPAA, you’re alerting insurance carriers that your company is intent on following security best practices and meeting a certain level of security standards. This step can go a long way toward reducing insurance premiums.
The ProcessBolt Platform
For far less than the cost of a security analyst, ProcessBolt’s fully automated platform can up your cybersecurity game. Proactively monitor and remediate cybersecurity threats, identify risks, manage vendors, and ease the burden of security assessments—this all-in-one software does it all. See for yourself with a customized, 15-minute demo.