The importance of cyber insurance for today's businesses
Cyber insurance can help businesses save millions of dollars and years of recovery in the event of a cyberattack.
Headlines about large-scale hacks, data breaches, and other types of cyberattacks are in the news every other day. Last year we saw a major uptick in cybercriminal activity in general, and the forecast for 2022 doesn’t look great either. Consequently, more businesses raise the serious question of what they can do to mitigate the risks and improve the odds of surviving an attack. In part, the answer is cyber insurance — an insurance policy designed to protect businesses from the fallout due to cyberattacks, data breaches, and other hacking-related threats.
The issue of ‘when’ rather than ‘if’
In the past 12 months, cybercrooks had no days off, as we saw a 50% increase in cyberattacks per week on corporate networks compared to 2020. Arguably, small and medium-sized businesses felt the increase the most. This is in large part due to the evolution of ransomware attacks. Ransomware as a service — which essentially unites cybercrooks into a singular business-type unit that provides the service of carrying out specifically designed and targeted ransomware attacks on businesses — has been the trend of the year.
As big-time players are increasingly hacked, breached, and attacked, smaller businesses realize that it is no longer a question of “if” the attack is coming but rather “when” it is coming. And with severe financial consequences that could be of existential proportions for stellar organizations, it’s not surprising that back in 2020 alone, the cyber-insurance industry experienced a 33.5% growth. In many instances, cyber insurance is of critical importance whenever a business entity faces a cyber incident. So for any organization that looks to succeed in today’s digital economy, factoring in cyber liability as part of their security infrastructure is a must.
Do businesses with cyber insurance face cybersecurity risks more frequently?
Because cyber insurance is a relatively new industry, there still are quite a few misconceptions about the whole thing. But the most prevalent one claims that organizations with a cyber insurance policy face attacks on a more frequent basis.
The myth is rooted in the belief that bad actors know if the organization has a policy before an attack. However, the fact of the matter is that there’s no way for cybercrooks to have that kind of information. There’s no list of cyber-insured entities available for the public. At best, the hackers could find out about cyber insurance only after carrying out an attack.
In a recent NordPass-led webinar that covered the ins and outs of cyber insurance, Andrew Lipton, vice president and head of cyber claims at AmTrust Financial Services, noted:
“There’s never been an event I’ve seen on the carrier side or when I was an outside counsel before, where the basis of the attack was the attacker’s discovery that insurance existed.”
Moreover, even if bad actors were aware of a company holding a cyber insurance policy, it should only deter their interest in carrying out an attack, because, if anything, a cyber policy signifies that the business holding one is serious about its cybersecurity practices on almost every level.
Preparing for cyber insurance: What businesses need to know and do
Today, as we continue to see cybersecurity threat numbers rise, more companies than ever prioritize cybersecurity and cyber insurance as a single unit to mitigate potentially crippling risks that cyber incidents pose. The challenge for many organizations is understanding what cyber insurance offers, what it covers and how it can be secured.
Generally, cyber insurance is designed to protect the company from cybersecurity risks, privacy risks, operational risks and service-related risks. In most cases, a cyber policy protects organizations in case of network interruptions, network security and privacy liability, media liability as well as errors and omissions. Often the coverage includes legal expenses, data restoration costs, IT forensics, public relations and other costs. Of course, all of this depends on the specifics that a company and insurer agree upon.
When applying for cyber insurance, businesses ought to understand that securing a policy heavily depends on the already existing security infrastructure and security practices.
Due to today’s heated cyberthreat climate, issuers require specific security controls to be in place as a starting point. These often include network security tools such as VPNs, password managers and similar tools to limit credential leakage, multi-factor authentication to mitigate unauthorized access, and detection tools deployed across all the endpoints in the organization.
Often, securing a policy is a lot easier with expert guidance. In the webinar discussing cyber insurance, Lipton also stressed that business leaders should take their time to sit down with experts and absorb their insights, and then translate all of that into actionable steps to secure a cyber liability policy.
A part of a larger puzzle
Even though cyber insurance is still quite new, we’re seeing it become an inseparable part of any business security strategy.
As businesses continue their journey in the digital age, it is important to move past the thinking that cyber insurance is just a nice thing to have in case of an emergency and adopt a view that a cyber policy is an integral part of a company’s security infrastructure.
Think of it this way: it’s a part of the larger puzzle, and without that piece, there’s an opening for bad actors to use.
Lukas Grigas is a cybersecurity content writer for NordPass and focuses on making the complex subject of cybersecurity simple and easy to understand.