
What’s Driving Up the Cost of Cyber Insurance? 

The first half of 2022 saw a 52% increase in detected cyber threats versus the same period a year ago, signaling that companies must invest in a robust toolset of cybersecurity protections. The average ransomware payment rose 72% over the last year, not including additional mitigation costs.


While cybersecurity incidents are increasing, businesses and insurance companies can work together to manage risks and implement practices to protect against possible attacks.

The Impact on Cyber Insurance

The frequency and magnitude of cyber attacks have directly led to a rise in cyber insurance costs. Premiums grew by 74% in 2021, indicating that companies shouldn’t anticipate premium cost relief any time soon. According to a recent IBM report, the average cost of a data breach in 2022 is a staggering $4.35 million. Cyber insurance providers balance the skyrocketing costs of remediation efforts while ensuring companies are protected against possible losses.

The massive costs associated with a data breach illustrate the need for businesses of all sizes to find a cyber insurance option that fits their organization. Cyber insurance policies are nuanced because each business has a unique set of potential risks and coverage needs. Insurance companies must consider the possible ramifications of a data breach, as well as what processes a company has in place to mitigate potential cyberattacks.


Cyber insurance policies generally cover business interruption, security and legal incident response, systems restoration, ransom payments, and other associated costs. Keep in mind that each policy is different, so coverages vary.

Steps to Protect Against Cyber Attacks

Proactivity is the best defense against digital threats. Just as cybercriminals evolve their tactics, IT and security teams have to evolve their approach. When you apply for a cyber insurance policy, your insurer will want to see strong, documented evidence of data protection policies and procedures. Having a solid plan in place can help you and your insurance company better manage the cost of your policy.

Examples of security strategies include:

  • Ensuring all employees use multi-factor authentication.
  • Continually updating security procedures and plans in the event of a cyber attack.
  • Offering ongoing training and education to ensure your employees are up-to-date on the latest information on phishing attempts, ransomware and other cyber threats.
  • Using anti-virus software and email filtering.
  • Documenting policies around user access and permissions.
  • Ensuring vendors and third parties have security practices in place.

What to Expect When Applying for Cyber Insurance

If you are preparing to apply for cyber insurance or renew your current policy, you’ll have to answer an enhanced set of questions before your policy is issued. Talk with your insurance advisor about what to expect — these questions are an opportunity to identify potential weak spots and implement stronger protocols to better protect your business.

Sample questions include:

  • How often do you perform backups and where is the information stored? 
  • What is your user management policy? 
  • What type of cybersecurity training do you provide employees and how often is it updated? 
  • Do you use two-factor or multi-factor authentication? 
  • What steps are you taking to actively protect against phishing and ransomware attacks?

With costs rising and underwriting guidelines tightening, start talking about your policies and renewals early to allow time to prepare for expanded questions about your company’s security approach. With premium increases across the board, companies can better manage costs by strengthening their security infrastructure and building documented procedures to better position themselves against cyberattacks.

At CCIG, we’re helping our clients stay future-ready by asking the right questions and collaborating with industry experts. Through our partnership with FRSecure, CCIG offers risk assessments, audit prep, penetration testing, and CSIRT risk registration to help our clients minimize risk and improve security programs.

While we can’t predict the future, we can prepare for it. Leverage the expertise of your insurance advisor to identify strategies and practices to maximize your coverage options while effectively managing your costs. Contact [email protected] or call (303) 799-0110 to get in touch with an advisor.

 

Spencer Mahoney oversees carrier relations, IT, marketing and employee engagement at CCIG. Spencer – who started his career in Boston as a commercial broker in the Life Science space before moving to Denver in 2017 – also heads CCIG’s Life Science and Technology Practice areas. A business graduate of the University of Arizona, he’s a board member of the Colorado Uplift, the Insurance Charitable Foundation (IIFC) and NephCure Colorado.

Increased Cybersecurity Risks Are a Threat to Corporate Governance

Technology evolves daily, and so do the risks associated with it. According to Accenture’s latest State of Cybersecurity Resilience report, surveyed businesses experienced an average of 270 attacks in 2021, a 31% increase compared to 2020. Successful attacks also increased. 

This growth is the result of many factors, including rapid innovation. According to Gartner, attack surface expansion is a risk affecting many businesses across the globe. 

Enhanced Risk: Remote Work 

One of the key drivers of attack surface expansion is the rise of remote work. Home and mobile devices are now being used for business purposes, and employees connect to outside networks without knowing if they’re secure. This doesn’t even address the fact that sensitive or confidential materials are often sent in emails or text messages using unsecured devices and unsecured networks.

Unfortunately, many businesses were unprepared for the switch to remote work, resulting in increased attacks. Outdated security policies and a lack of security awareness among employees are two factors to blame.

These factors lead back to a lack of focus on cyber risks within corporate governance. 

How Cybersecurity Affects Corporate Governance 

Cybersecurity should be a top priority within any governance strategy. After all, cyber risks affect nearly every aspect of corporate governance. Of course, the most obvious impact is within the company’s security posture. However, other effects exist within crucial areas of governance that must be addressed. 

For example, cyber-attacks directly impact a company’s finances, which are at the heart of corporate governance. According to IBM’s Cost of a Data Breach report, the average cost of a data breach increased by 2.6%, from $4.24 million in 2021 to $4.35 million in 2022. This is also an increase of 12.7% when compared to 2020. 

Other intangible costs are also involved, such as impaired business reputation with consumers and investors. These intangible and financial losses can potentially be detrimental to many organizations, especially SMBs. 

Another key area of impact is business operations. Standard cyber-attack methods, such as the use of malware, can completely disrupt a company’s operations. The resulting downtime can lead to many consequences, such as a loss of revenue and negative customer experiences. 

These impacts can be combated by prioritizing cybersecurity within corporate governance strategies. Boards must take the time to understand and define organizational cyber risks and their potential impact.

They must also consider cybersecurity when making critical business decisions and ensure adequate resources are available to mitigate risks, from software tools to employee training. 

The Bottom Line: Cybersecurity Is More Than a Tech Issue 

Cybersecurity is often viewed as a tech-specific issue that is best handled by the CTO and others responsible for managing a company’s technology. This is a dangerous misconception—cybersecurity is a company-wide risk management issue and must have a place within the boardroom. 

 

Doug R. Griess, J. Aaron Atkinson, and John T. Snow of Hackstaff Snow Atkinson & Griess, LLC are top Denver business attorneys with expertise spanning various industries. Specializing in business law, litigation, intellectual property, tax law, and dispute resolution, the firm offers an in-depth understanding and knowledge of general corporate rules and regulations and is a trusted resource for business owners throughout Colorado.