There are a few devastating incidents that can cause a company to go out of business if they don’t have the right safety net. For example, a natural disaster can cause irreparable harm to your office building and everything inside, and if you don’t have insurance coverage, it could be impossible to recover.
Another threat today’s businesses face is the cost of a cyberattack. Just one successful ransomware attack can mean a remediation cost of nearly 2 million dollars.
A phishing attack that results in a major data breach of personally identifiable information now averages a cost of $4.24 million.
Companies protect themselves by putting IT security measures in place, but this can still leave them vulnerable if they aren’t regularly training employees on cybersecurity or having ongoing security audits conducted.
An increasingly important safety net that businesses have been adopting is cybersecurity liability insurance.
What is Cyber Liability Insurance?
Cybersecurity liability insurance pays certain costs in the event of a cyberattack. Just like property or auto insurance, it provides important protection against devastating financial losses in the event of a crisis.
This type of insurance was first introduced in the late 1990s but was mainly used by larger organizations and covered data losses. In the last decade, insurance carriers have been marketing this type of insurance as a “must-have” for all types of companies due to the increase in cybercrime and attack-associated costs.
Some of the standard costs that cyber liability insurance can cover include:
- Identity theft remediation costs
- Legal costs
- Forensic information technology services
- Public relations services for reputation damage control
- Legal defense costs
- Data restoration/recreation
- Restoring computer systems
- Lost business during downtime
- Cost of the ransom paid to a ransomware attacker
However, just recently, some carriers have been reducing coverage and raising premium costs. This is a response to the sharp rise in cyberattacks during the pandemic and the lack of IT security for remote teams that have many companies falling victim to attacks.
And while a few carriers have been the first ones to adopt new standards, it’s an indicator that others will be doing the same due to finding certain costs too risky to cover.
Changes To Prepare For in Cybersecurity Insurance Policies
Stopping Reimbursements for Ransomware Attacks
One of the biggest changes coming for cybersecurity insurance is carriers refusing to cover ransomware payments any longer.
Insurance carrier AXA recently announced that it would no longer provide any reimbursement for ransom paid to attackers. This announcement happens just as ransomware attacks and ransom demands are climbing.
The average ransom requested in a ransomware attack rose by 518% in 2021.
This means that companies that used to feel they had a backstop that allowed them to go ahead and pay an attacker to get back up and running quickly, may no longer have that. This makes backup and recovery solutions more vital than ever to avoid having to pay a ransom.
Dropping Coverage for Attacks Perpetrated by “Nation-States”
Many high-profile attacks are launched by state-sponsored hacking groups, meaning they have a government authority directing or enabling the group.
Large insurance carrier Lloyd’s of London announced at the end of last year that it would no longer cover the costs from attacks conducted by nation-states.
How this is interpreted would depend upon the individual carrier, but if state-sponsored hacking groups are included, this could mean that many far-reaching cyberattacks are no longer covered by cyber liability insurance.
Making it Harder to Get Cybersecurity Insurance
Human error is one of the main causes of data breaches. People create weak passwords, don’t have sufficient phishing detection training, or lack basic good cybersecurity hygiene.
Insurance carriers are no longer willing to take a risk on these risky behaviors. If companies want to qualify for cybersecurity insurance coverage, they need to show that they have strong safeguards in place. This includes things like multi-factor authentication and taking a zero-trust security approach.
Increasing the Cost of Cyber Liability Policies
Along with reducing the things insurance policies will cover and increasing the requirements for companies to obtain cyber liability insurance, prices are also going up.
During the first quarter of 2021, the costs for policies that covered ransomware payments saw double-digit increases each month.
This leaves companies with less of a safety net than they may have enjoyed in the past and makes investing in your cybersecurity infrastructure one of your most important IT priorities.
Find Out Where Your Cybersecurity Protection Stands
Rocky Knoll Technologies can help your Charlotte area business with a full cybersecurity audit to let you know where you stand and what solutions can help you reduce your risk.
Schedule a consultation by calling 704.594.7292 or reach us online.