Cyber insurance policies are no longer a modest, incremental cost to your business. Premiums started to increase sharply in 2021, and that momentum continued into the 2022 renewal season. This has nothing to do with inflation. The rising premiums are due to higher claim payouts cutting deeply into the cyber insurance industry’s profits. According to the Federal Bureau of Investigation (FBI), there was a 62% increase in ransomware incidents through the first six months of 2021 in the US, which followed a 20% increase in the number of incidents for the whole of 2020. Cyber insurance carriers were on the hook for a lot more than they had planned.
But as eye-watering as cyber insurance coverage has become, the actual costs go well beyond premium increases. And when you add it all up, implementing the necessary security measures is a more efficient use of resources for many organizations than simply swallowing the rate hikes.
As a managed IT service provider, our teams work around the clock to keep our clients secure. Even though we use the latest in threat technologies to protect our clients, we still recommend the purchase of adequate cyber insurance to protect against business loss. A ransomware event can leave even the best-prepared business crippled for multiple days, and that business may then still have to work for months addressing lingering issues. The right cyber insurance policy is a vital financial instrument to cover many of the costs necessary to get you back in business.
Unfortunately, many organizations continue to have a “hope” strategy and never prioritize investment in IT security. For some, the bill finally comes due when malware strikes and they suddenly have no access to their vital business systems and data. They quickly learn the US dollar conversion rate for Bitcoin so they can liberate their data from the ransom thugs. Others will have compromised systems for months before they start to notice suspicious behavior. The fact is, if your business has internet connectivity, you are a target whether you have ten employees or several hundred.
It’s important to know that the true cost of buying cyber insurance includes more than the monthly premium. For instance, most cyber insurance carriers now require that businesses implement basic IT security and controls before they provide coverage. Multi-Factor Authentication (MFA) is a common requirement, and some carriers now also request that a reputable Endpoint Detection and Response (EDR) solution be in place, so expect that to become a new requirement next year. More security-minded organizations would implement these solutions alongside foundational practices such as network segmentation, a rigorous password policy, and regular employee cyber security training.
It pays to start planning now for your next cyber insurance renewal. Do not wait for your insurance agent to reach out 45 days before your renewal — many security projects take a minimum of ninety days to execute appropriately. Work with a trusted IT security partner to review your security and help implement the necessary solutions and controls, or at least hire a third-party IT vendor to perform vulnerability scans to check your work.
All organizations now need to prioritize security and promote it from the top down. By planning early and taking appropriate steps, you not only better protect your business from a cyberattack, but you can also avoid what is potentially the most costly change in cyber insurance: being denied any coverage at all.