Businesses are becoming more aware of the risk to its infrastructure with cyber attacks. Like any other type of risk, insurance is available to mitigate the financial burden that could come from an attack.
Because the extent and variety of cybersecurity risk that businesses are trying to manage is overwhelming and resources to mitigate or eliminate the risks are scarce, businesses are searching for a solution.
Cybersecurity liability insurance cover expenses that a business would incur directly because of a cybersecurity attack or incident. Examples of these expenses include:
- Associated legal fees.
- Digital forensic services.
- Negotiation and payment of ransom to bad actors.
- Incident response and recovery services.
- Restoration of systems and applications.
- Public relations services.
- Breach notification and credit monitoring services.
The cost of these policies has traditionally been very reasonable and benefit of transferring complex cybersecurity risk was very convenient. As attacks increase and more businesses are realizing they could be vulnerable to an attack, the demand for coverage continues to increase.
According to a special report published by FitchRatings in May of 2021 the cybersecurity insurance market grew by a whopping 22% in 2020. The same report indicated that the average paid loss for a cybersecurity claim grew to $359k in 2020 from $145k in 2019. Insurance carriers are excited about the growth of the industry but recognize that underwriting efforts need to be more stringent.
Cybersecurity insurance will continue to be an available option for businesses looking to transfer risk, but insurance carriers are going to be much more stringent about their underwriting process. Here are some of the expected changes:
1. Expect a more comprehensive application process. Organizations will have to provide proof of specific controls such as:
- Written information security plans, incident response plans and disaster recovery plans
- Formal cybersecurity awareness training programs
- Strict access controls
- A sound data backup strategy
- Adoption of Endpoint Detection & Response (EDR) software
- Current operating systems, firmware and applications all patched regularly.
2. Expect underwriters to require proof of cybersecurity controls being implemented and functioning as intended.
3. Expect automatic declines if key underwriting requirements are not in place. Insurers will be careful to not issue coverage to organizations that have do not have the appropriate plans, controls, and processes in place to mitigate cybersecurity risk.
4. Expect premiums to increase, significantly. The sharp increase of the average claim paid for cybersecurity insured has underwriters concerned about profitability.
These changes being made to the underwriting process should encourage businesses to be more diligent about mitigating cybersecurity risk. It is no longer good enough to purchase a policy, but businesses will need to allocate the proper resources (time, money, or human capital) required to build an effective cybersecurity program.
Last fall we held a Cyber Security Awareness Webinar where we partnered with a national cyber security insurance company. Click here to watch our webinar. If you want to find out if you are meeting the necessary protocol to get insurance, contact us.
Recent Comments