Cyber insurance costs are skyrocketing. At the same time, some insurance providers are tightening restrictions on cyber insurance coverage. Compounding matters further, some premiums are increasing by as much as 50% to 100% for renewals and new policies. All of this is on top of a 28.6% increase in cyber protection costs in 2021.
When it comes to combating rising cyber liability insurance costs, some things are out of an organization’s control. However, there are steps an organization of any type or size can take to shield its bottom line from rate hikes.
Why Are Cyber Liability Insurance Costs Rising?
Originally designed for rare, catastrophic events, cyber liability insurance policies are being used more than ever before. The spike in cyber liability insurance claims is a direct reflection of increased threat activity and the growing number of breaches. Cyberattacks reached record levels in 2021, with estimates showing a dramatic 50% increase in weekly attacks in 2021 versus 2020.
The loss ratio for cyber insurance providers has also continued to escalate. Between 2016 and 2019, insurance providers paid out 43 cents in claims for every dollar taken in. In 2020, payouts topped 73 cents of every dollar. Global cybercrime now accounts for $6 trillion in losses, and that number is expected to rise to $10.5 trillion by 2025.
Organizations are seeing across-the-board attacks from threat actors. Data breaches, ransomware, third-party vendor attacks, and supply-chain cyber vulnerabilities are all on the rise. Despite this increase, many organizations still suffer from inadequate cybersecurity hygiene and maturity programs and lack defined incident response readiness plans. Not only do these gaps put company assets at risk, but they may also give insurance providers ammunition to deny claims.
5 Ways to Combat Increasing Cyber Insurance Costs
A cybersecurity partner can help an organization lower its risk and mitigate some cyber insurance costs with:
- Ongoing penetration tests and cyber vulnerability assessments
- Robust incident response, business continuity, and disaster recovery plans
- A patch management plan and a vendor risk management plan
- Security awareness training
- Cybersecurity best practices
Penetration Tests & Cyber Vulnerability Assessments
Risk identification is a key part of risk mitigation. Regular gap assessments, penetration tests, tabletop exercises, and vulnerability assessments can uncover security gaps. These assessments also demonstrate proactive measures to limit risk, which may help in case of a claim.
Incident Response, Business Continuity, and Disaster Recovery Plans
More than three-quarters of companies do not have a well-defined cyber incident response plan (IRP). In a cyberattack, seconds matter. Damage can escalate quickly if an organization does not respond appropriately and promptly. Companies need to create and test their incident response plan to ensure a prompt response.
Besides an IRP, an organization also needs a written and well-defined business continuity plan (BCP) and disaster recovery plan (DRP).
Patch Management Plan & Vendor Risk Management Plan
Organizations continue to suffer self-inflicted wounds by failing to stay on top of software patches and updates. A Ponemon Institute report showed that as many as 60% of security breaches were due to exploitation of a known vulnerability for which a patch was available. Without a consistent patch management plan, organizations are taking unnecessary risks.
Another growing area of cyber risk is third-party providers. Organizations need a way to assess and identify potential security gaps with vendors.
Security Awareness Training
For any organization, employees are the most significant cybersecurity risk. As such, employees should receive regular formal training in security awareness, including recognizing phishing and social engineering threats. An untrained employee is as big a threat to an organization’s cyber defenses as an adversary.
Cybersecurity Best Practices
Organizations need to deploy best practices for cybersecurity, including multi-factor authentication, real-time threat intelligence, and zero-trust policies as part of an endpoint security solution.
Cyber Insurance Rate Hikes & General Counsel
An organization’s general counsel (GC) should work very closely with its cybersecurity team to understand all the requirements laid out by the cyber insurance provider. For example, a cyber insurance provider will verify that best practices such as multi-factor authentication (MFA), strong passwords, security operations center maturity, and others are being followed.
GCs must play an active role in reviewing and understanding the scope of the coverage and any exclusions, especially for a global firm with multiple entities and with an active mergers and acquisitions strategy. Lack of compliance can be costly and lead to claims being denied.
Along with the executive team, GCs need to evaluate their communication procedures for sharing information with affected parties and with the cyber insurance provider in the event of an incident. Many policies include a prescribed notification period, so GCs and risk management teams need to ensure it is built into their incident response playbook.
Keeping Cyber Liability Insurance Costs in Check
Cybersecurity is complex. Lapses not only damage your organization but also affect your insurance premiums and your ability to recover from a breach. A cybersecurity partner can help with all of the above to keep an organization’s insurance premiums as low as possible and increase the odds of a successful claim.
Cybersecurity consultants take the heavy lifting out of cybersecurity and data protection by making sure an organization has robust defenses and meets its compliance obligations.
Insulate Your Organization From Unnecessary Rate Hikes
Contact us today to find out how we can help your organization avoid rate hikes resulting from things within your control.