The growing trend of remote work across various industries, coupled with advancements in technology such as IoT, 5G, and metaverse, has elevated the significance of cyber insurance in our digital-centric society. As a result, its importance for businesses is greater than ever before.
The larger the organization’s business revenue, employee strength, network security, dependence on systems, and claims history, the greater will be the need and exposure to cyber insurance.
Cyber Insurance, also referred to as cyber liability insurance or cyber risk insurance, shields businesses from potential harm caused by cyber threats to their systems and data. This type of insurance safeguards sensitive information, such as social security numbers, credit card details, and health records, which can lead to financial losses.
What it covers
Cyber insurance generally covers costs (1) related to:
- Data breach
- Cyber extortion threats and ransom payments
- Network intrusions and outage situations
- Denial of service
- Regulatory fines
- Lawsuits due to privacy breaches
- PR costs to restore the organization’s image after a data breach
It does not however cover intentional fraudulent acts by your organization’s employees, acts performed with prior knowledge of system drawbacks before insurance coverage commenced, business interruptions due to systems managed by third parties, group companies where organizations do not have a majority holding, and costs related to criminal proceedings.
The scenario today
Today cyber insurance policies tend to vary significantly in what they cover, the limits, and the terms and conditions. While this may seem natural considering the uniqueness of businesses and the approach they adopt, it can also prove confusing for newcomers seeking policy coverage.
With cyber incidents surging, the good news is that businesses have taken cognizance of the need for insuring themselves. An interesting statistic from a Blackberry survey (2) showed that 60% of businesses said they would reconsider entering into a partnership or agreement with another business or supplier if the organization did not have comprehensive cyber insurance.
That said, it’s seemingly natural that insurance premia are on the rise. The National Association of Insurance Commissioners estimated that the direct-written premiums for cyber insurance collected by U.S. insurance carriers in 2021 grew by 92% year over year. Another study showed that insurance prices in the US increased by 79% in Q2 of 2022 compared to 2021.
What should organizations be doing?
With rising costs of new coverage, and renewal rates going up almost 10 to 20 fold, organizations (4) are compelled to review the heavy reliance on coverage costs. The way forward is to understand that minimizing expenditure can be done only by adopting a good security posture, and by embracing a comprehensive security approach. A shift in thinking on risk prevention, improved visibility, and quantification during the risk assessment phase is also called for.
Gartner (5) lists the things organizations considering cyber insurance should be doing:
- Obtain reasonable premiums, companies must have a strong security posture.
- Determine the true value of the policy, organizations need to look beyond the quote and examine the policy language.
- Obtain history of paying claims and specific examples from the insurance carrier.
- Complete the policy application thoroughly and truthfully –inaccuracies may render claims invalid.
- Re-evaluate IT risk and security programs as well as any policy changes on an annual basis to ensure adequate coverage.
A Look into the Future
As regulations for cyber insurance become more mature, and more regulatory bodies worldwide enforce cyber risk exposure and incident/procedure reporting, cyber insurance is almost certain to witness unprecedented growth in 2023 and beyond. Claim statistics are already impacting the conversation. Today data privacy liability, cyber extortion, network business interruptions, and recovery and restoration of data assets are the five most common cyber insurance claims. Statistics show that most cyber insurance claims from businesses relate to breaches – almost 73% of all cyber insurance claims (3). Cybersecurity Ventures predicts the cyber insurance market will grow from approximately $8.5 billion in 2021 to $14.8 billion in 2025, and exceed $34 billion by 2031, at a CAGR of 11%.
Yet, insurance premia are not the only things tipped to undergo change. Forbes (2) lists 4 major changes that are almost certain in the cyber insurance landscape.
- Insurance coverage will not cover nation-state attacks (a rule that is already effective in the UK this year).
- Coverage to be denied to applicants not adopting best cyber security practices
- Higher premiums for organizations failing to establish and maintain cyber health and hygiene practices
- Insurers to deploy their own assessment technology when processing applicants and determining premia
As cyber insurance providers grapple with the shift from individual hackers and small-scale attacks to large-scale cyber assaults, the industry is experiencing significant changes and insurers are taking measures to protect themselves from unforeseen losses and impacts.
With the proliferation of new technologies, devices, and trends, it seems clear that cyber insurance is today an essential part of the modern business landscape and is here to stay. Additionally, the way that insurers and insured parties work together will determine how well insurance policies address the unique needs of individual organizations.
Aurora Systems Consulting Inc with its host of cybersecurity products like Vulnerability Management, Identity Access Management, Privileged Access Management, Log Management and Endpoint Detection Response and others can assist you in improving your security posture as a first step in your cyber insurance journey.
For more information as to how we can be of assistance, email us at firstname.lastname@example.org or call +1 888 282 0696.
- What is Cyber Insurance? – Forbes Advisor
- Cyber Insurance Premiums Are Up—And That’s Not The Only Industry Shakeup (forbes.com)
- What’s on the Horizon? Top Cybersecurity Predictions for 2023 by Aurora President, Philip de Souza | Aurora (aurorait.com)
- The Imminent Death And Rebirth Of Cyber Insurance (forbes.com)