Have you noticed a change in your cybersecurity insurance policy?
Or maybe you’re looking into cybersecurity insurance for the first time and would like to understand it better. What’s the big deal about cybersecurity insurance, anyways?
Cyberattacks continue to increase, setting records for both frequency and cost in recent years. The increase in online danger and rising costs of a breach have led to changes in cybersecurity insurance. As a result, the cybersecurity insurance industry is ever-evolving.
Businesses need to keep up with these trends to stay protected.
For over 25 years, WEBIT Services has helped hundreds of clients build effective cybersecurity procedures and strategies.
By reading this article, you will learn what cybersecurity insurance is and four relevant cyber liability insurance trends.
What is cybersecurity insurance?
Cybersecurity insurance is still a pretty new concept for many small and medium-sized businesses (SMBs). It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.
Since then, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach, including remediating a malware infection or compromised account.
Cybersecurity insurance policies will cover the costs for things like:
- Recovering compromised data
- Repairing computer systems
- Notifying customers about a data breach
- Providing personal identity monitoring
- IT forensics to investigate the breach
- Legal expenses
- Ransomware payments
Why businesses need cybersecurity insurance
Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches on record. And in the first quarter of 2022, breaches were up 14% over the prior year.
No one is safe. Even small businesses are targets. They often have more to lose than larger enterprises as well. Roughly 60% of small businesses close down within six months of a cyber incident.
4 Trends in the cybersecurity insurance market
1. Demand is going up
The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.
Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.
With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage.
2. Premiums are increasing
With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%.
The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren’t willing to lose money on cybersecurity policies. Thus, those policies are getting more expensive as they grow more necessary.
3. Certain coverages are being dropped
Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government.
Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.
In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if an insurance policy excludes these types of attacks, be very wary.
Another type of attack payout that is being dropped from some policies is ransomware.
Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.
Insurance carriers are tired of unsecured clients relying on them to pay the ransom, so many are excluding ransomware payouts from policies. This puts a more significant burden on organizations. They need to ensure their backup and recovery strategy is well planned.
4. It’s harder to qualify
Just because you want cybersecurity insurance doesn’t mean you’ll qualify. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances, especially on companies with poor cyber hygiene.
Some of the factors that insurance carriers look at include the following:
- Network security
- Use of things like multi-factor authentication
- BYOD and device security policies
- Advanced threat protection
- Automated security processes
- Backup and recovery strategy
- Administrative access to systems
- Anti-phishing tactics
- Employee security training
When applying for insurance, you’ll often need to fill out a lengthy questionnaire. This includes several questions about your cybersecurity situation. Having your IT provider help you with this is a good idea.
This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.
So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks.
Cybersecurity coverage and insurance applications can be complex. If you answer a question incorrectly, it can mean paying hundreds more in premiums than you should.
Next steps for understanding cybersecurity insurance policies
As cyberattacks increase, so do the value and cost of cybersecurity insurance policies. Having the right insurance policy could save your business if it’s hit with a major cyberattack.
Four trends currently affecting the cybersecurity insurance market include:
- Demand is going up
- Premiums are increasing
- Certain coverages are being dropped
- It’s harder to qualify
If you are concerned about understanding the cybersecurity insurance form and its qualifications, talk to your IT provider or IT security expert. They can help walk you through each question and help you understand your current security situation.
WEBIT Services is passionate about helping its clients improve their cyber security and develop incident response plans to keep their assets safe. WEBIT Services has also helped clients find cyber insurance to match their needs and budgets.
If you are looking for a new IT Provider or have additional questions, schedule a free 30-minute consultation with WEBIT to see how it can help.
If you are not ready to talk to our team but would like to learn more on topics like cybersecurity and cybersecurity insurance, we recommend the following articles:
- Cyber insurance: what is it, why do you need it, and how much do you need?
- How at risk am I? | A cybersecurity self-assessment
- Do hackers target small businesses?