Cyber coverage is more important than ever to protect businesses against rising online attacks
Almost every business, regardless of model, size, or industry, should look at the possibility of obtaining cyber insurance. It’s becoming essential as more individuals are harmed by identity theft and other exploits, and more organizations must recover from data hijacking, lawsuits, and reputational damage.
Cybercriminals are upping their attacks on many industries and now targeting smaller and smaller businesses, assuming they’ll have less robust cybersecurity measures. Cyber coverage is there to stand guard, but these policies are experiencing some challenges and evolving along with threats.
Here’s why cyber insurance is becoming essential and how it’s changing amidst a digital crime wave.
Why cyber policies are on the rise
The number of companies with cyber insurance policies increased from 34% in 2011 to 78% just under a decade later. It’s a sign of the times in several ways. First, cybercrime has similarly soared in the past 10 years, and breaches continue to grow annually and rapidly. This expansion reflects the persistent ROI for well-equipped criminals and the sheer number of digital devices used by their targets today. In addition, the pandemic shifted a massive percentage of the workforce to remote work, increasing the odds of breaches as employees access sensitive company systems from personal devices without sufficient protection.
Businesses are starting to accept that even robust cyber security measures won’t necessarily prevent a breach—for many, it’s becoming a question of when instead of if they’ll be hit.
Why insurers aren’t upping coverage options despite increased demand
Cyber crime’s status as a global threat sets the stage for a considerable number of cyber insurance claims. Insurers are thus getting more stringent about who can be covered. A Reuters business report revealed that providers are far more selective when taking on customers, along with how much protection policies offer.
Insurers are even scaling back payout amounts and increasing coverage rates because they recognize the sheer scale of the issue faced by businesses. This is potentially a big problem for companies (and the clients they serve), as breaches require quick and often expensive action to limit the damage and prevent future incidents. And uninsured companies are left entirely footing the bill and passing along these costs to consumers—if they survive the expense.
Individuals and organizations sometimes hesitate to take out many forms of insurance, especially as rates increase and coverage amounts lower. But cyber insurance is becoming critical, and avoiding or delaying coverage could have even worse implications.
Are rates and coverage amounts the main issues in cyber insurance adoption?
Insurers denying coverage or raising rates aren’t entirely new challenges in the industry overall. But these issues are at least more understandable when we view them from the insurer’s perspective, and specific factors are causing cyber providers to get picky. Chief among them is that many businesses aren’t prepared for a cyber-attack and knowingly or ignorantly continue digital practices that leave them vulnerable. Some organizations do the bare minimum to protect themselves, believing they have sufficient cyber coverage as a safety net.
And this is where many payouts get denied: one of the prime factors for coverage eligibility is a policyholder making a sufficient effort to avoid the negative outcome. Consider this example featured in a Deloitte study, where hackers successfully compromised insufficient security at a financial services and insurance firm:
Attackers exploited vulnerable software on the company’s servers and stole payment card information for more than 93,000 customers, including names, addresses and unencrypted card security codes. […]
The company immediately removed the vulnerable IT elements and had to issue a formal apology. It also offered free identify fraud monitoring to affected customers. However, the company has been strongly criticized for retaining unencrypted security codes — which is a noncompliance issue according to the Payment Card Industry Data Security Standard (PCI DSS) — and for not reporting the breach to its customers sooner.
This is a breach with extremely expensive clean-up costs, the targeted company had poor security, and insurers overall are very well-informed about risk. Thus, it makes sense that they will be pickier about choosing policyholders with more robust security and mitigate their risk by adapting coverage and increasing rates.
Stay informed and protected with NICRIS
Cyber insurance is becoming more common as digital threats grow, but providers are making some tough decisions to offer policies that protect customers while generating profits. In the end, coverage is essential, and businesses should take out policies to protect themselves. But insurance is only part of the cybersecurity equation. Policyholders must also shore up their security measures—and it’s becoming a crucial factor in who can obtain cyber coverage at all.
The NICRIS team can help you navigate this new insurance landscape to find a cyber insurance policy that works for you. You can contact us for a free, personalized review or send any questions or concerns by dropping us a line.