Cyber attacks are increasing and it’s getting even harder to recover from them. Ransomware recovery costs have doubled in the last year from $0.76 million to $1.85 million in 2021, according to a report from Sophos.
Cybersecurity is no longer just a challenge for those in IT – it’s a mainstream business issue. The cyber insurance industry, once considered a ‘soft’ market with high capacity and low premiums, is now seeing payouts rise faster than the income from premiums.
Cyber attacks are evolving, which makes it hard for insurers to assess the true risk of an attack and, as the underwriting process grows more complex, even harder for organizations to obtain coverage.
Businesses should be aware of the details of their policy and what it covers. For those who are not directly involved in the process and are curious about why cyber insurance is getting so much attention, here’s a brief overview:
What is Cyber Insurance?
Cyber insurance (aka cyber liability insurance) is a specialty line of insurance that protects businesses from internet-based risks. Having this type of policy in place can help minimize business disruptions during and after an incident.
The policy can potentially cover the financial costs of some of the elements of dealing with an attack (e.g. a ransom) and of the recovery from it (though not from the crime itself).
Its benefits are often financial and operational, along with greater ‘peace of mind.’
What does it cover?
Cyber insurance covers costs incurred in the event of an incident. While most plans vary, some insurance teams can provide immediate access to experts in the event of an incident, such as IT forensic specialists, privacy lawyers, and public relations professionals. These are often first-party coverages.
It may also cover ransom demands and specialists to handle the ransom negotiations, or the costs to regain access or restore data from backup sources.
Some policies may include third-party coverage, with limits, that covers the costs associated with lawsuits.
According to Sophos’ Guide to Cyber Insurance, 84% of organizations have some form of cyber insurance.
How Common is Cyber Insurance & Who’s Most At-Risk?
Cyber insurance is common across all industries. It’s especially common in the utilities sector, such as oil and gas companies, followed by media, leisure, and entertainment. Utility companies are often targets of attacks because of their extensive infrastructure.
According to NetDiligence’s Cyber Claims study, the four common threats are ransomware, social engineering, hackers, and business email compromise. However, Sophos’ survey shows only 64% of organizations had cyber insurance that covers ransomware, leaving one in five exposed to the full cost of an incident despite investing in cyber insurance.
Accenture’s Cyber Investigations, Forensics & Response midyear update says companies with annual recurring revenue of $1 billion and higher were the top victims of ransom and extortion.
The public sector is least likely to have both cyber insurance and insurance against ransomware. Sophos’ State of Ransomware report revealed that the education sector was most likely to have been hit by a ransomware attack in the last year and that government was the sector least able to stop attackers from encrypting data.
The financial institution sector has the highest level of insurance coverage for both ransomware and cyber insurance. This industry, often lucrative for criminals, is leading the way in insurance readiness.
The top factors driving cyber insurance sales are news of cyber-related losses experienced by others or the business itself experiencing a cyber-related loss.
The cost of cyber insurance often depends on demographics such as size, industry, sector, location, and revenue; potential exposure, such as the amount of sensitive data stored, collected, or processed; the level of cybersecurity defenses the organization uses; its history; and the policy terms. Previous cyber security claims usually result in higher premiums.
Cyber insurance companies are more strapped than ever, and it may be harder to get insurance if your company does not already have it. If your company has a cyber insurance policy, make sure you’re aware of the details of the policy and what it covers.