The fastest-growing sector of the insurance industry was not on the radar for many small to medium-sized businesses until the arrival of COVID-19 in 2020.
Raking in more than four billion dollars worldwide last year alone, cyber insurance is expected to become a fifteen-billion-dollar industry by 2025.
With the never-ending growth of threats in this space, demand for cyber insurance is outpacing other insurance products. Businesses are now, more than ever, familiarizing themselves with topics like ransomware, password managers and phishing prevention in order to provide essential protection without over-extending their IT budgets.
Why are Cyber Insurance Costs Increasing?
According to The State of Email Security report, during 2020, the Mimecast Threat Center detected a 64% rise in threat volume compared to 2019. Hacker groups are quickly becoming more organised, and better at exploiting vulnerabilities exposed by the pandemic. Threat actors are carrying out more sophisticated attacks across longer timeframes to inflict greater financial damage on targets.
The standard sets of questions that insurers ask prospective clients evolve week to week as new threats arise, which makes gathering the required information a time- and cost-intensive process for any business. While a higher cyber insurance premium generally means a higher level of coverage, recent trends in availability of coverage have shown that an agreed amount won’t always be sufficient to cover actual losses. The difficulty for both parties lies in estimating potential damages from an unforeseen attack or data breach of unknown length and severity, which muddies the waters around how much coverage is sufficient.
The size and location of a business, what it does, and how it operates are all variables considered when assessing risk of cyberattack, but the single biggest deciding factor for cost of premiums is the value of data being secured.
Tips & Tricks for organisations to minimise their Cyber Risks and Insurance Costs
Four simple steps can dramatically increase an organization’s cyber-attack resilience.
- Implement multi-factor authentication (MFA) across all applications
- Check backups and institute backup restoration testing procedures
- Implement password policies and software-based password management solutions
- Conduct or outsource organisation-wide security audits.
MFA, which uses tokens or additional codes to require at least two authentication steps after a username is entered, can prevent most threat actors from gaining access to systems.
Backups are ineffective unless they are checked often and restoration procedures tested. Don’t wait to find out the backup can’t restore when it’s too late. Backups are essential to avoid ransomware demands.
We suggest using passphrases of up to 30 characters, for example song lyrics, to enhance security. Audits provide an overview of systems’ security structures and identify vulnerabilities.
Organisations should keep up to date with patches, which overcome new security risks “out in the wild”, and limit the number of users with admin-level system access.
There are six potential threats that clients need to be aware of:
- Business email compromise, also called CEO fraud, where threat actors insert themselves into email streams to divert funds by exploiting technological and human vulnerabilities.
- Ransomware, where threat actors take control of systems and lock data until a ransom is paid.
- Cloud security – the increase in organisations outsourcing data storage to cloud-based infrastructure has increased security risks.
- Internet of Things (IoT) risks come from a range of products, like printers, smart TVs and automated home assistants, many of which have poor security.
- Mobile and BYOD devices that connect to corporate systems may be insecure.
- The increased focus on data breach notification since the introduction of Australia’s notifiable data breach scheme.
In WEF’s Global Risks Report 2020, cyber-attacks ranked as the second greatest risk for business globally over the next decade. Gerry says the threat is high from both likelihood and impact perspectives.