What’s Driving Up the Cost of Cyber Insurance? 

The first half of 2022 saw a 52% increase in detected cyber threats versus the same period a year ago, signaling that companies must invest in a robust toolset of cybersecurity protections.  The average ransomware payment rose 72% over the last year, not including additional mitigation costs.

READ — Prioritizing Cybersecurity When Building Your Company Website

While cybersecurity incidents are increasing, businesses and insurance companies can work together to manage risks and implement practices to protect against possible attacks.

The Impact on Cyber Insurance

The frequency and magnitude of cyber attacks have directly led to a rise in cyber insurance costs. Premiums grew by 74% in 2021, indicating that companies shouldn’t anticipate premium cost relief any time soon. According to a recent IBM report, the average cost of a data breach in 2022 is a staggering $4.35 million. Cyber insurance providers balance the skyrocketing costs of remediation efforts while ensuring companies are protected against possible losses.

The massive costs associated with a data breach illustrate the need for businesses of all sizes to find a cyber insurance option that fits their organization. Cyber insurance policies are nuanced because each business has a unique set of potential risks and coverage needs. Insurance companies must consider the possible ramifications of a data breach, as well as what processes a company has in place to mitigate potential cyberattacks.

READ — Increased Cybersecurity Risks Are a Threat to Corporate Governance

Cyber insurance policies generally cover business interruption, security and legal incident response, systems restoration, ransom payments, and other associated costs. Keep in mind that each policy is different, so coverages vary.

Steps to Protect Against Cyber Attacks

Proactivity is the best defense against digital threats. Just as cybercriminals evolve their tactics, IT and security teams have to evolve their approach. When you apply for a cyber insurance policy, your insurer will want to see strong, documented evidence of data protection policies and procedures. Having a solid plan in place can help you and your insurance company better manage the cost of your policy.

Examples of security strategies include:

• Ensuring all employees use multi-factor authentication.
• Continually updating security procedures and plans in the event of a cyber attack.
• Offering ongoing training and education to ensure your employees are up-to-date on the latest information on phishing attempts, ransomware and other cyber threats.
• Using anti-virus software and email filtering.
• Documenting policies around user access and permissions.
• Ensuring vendors and third parties have security practices in place.

What to Expect When Applying for Cyber Insurance

If you are preparing to apply for cyber insurance or renew your current policy, you’ll have to answer an enhanced set of questions before your policy is issued. Talk with your insurance advisor about what to expect — these questions are an opportunity to identify potential weak spots and implement stronger protocols to better protect your business.

Sample questions include:

• How often do you perform backups and where is the information stored? 
• What is your user management policy? 
• What type of cybersecurity training do you provide employees and how often is it updated? 
• Do you use two-factor or multi-factor authentication? 
• What steps are you taking to actively protect against phishing and ransomware attacks?

With costs rising and underwriting guidelines tightening, start talking about your policies and renewals early to allow time to prepare for expanded questions about your company’s security approach. With premium increases across the board, companies can better manage costs by strengthening their security infrastructure and building documented procedures to better position themselves against cyberattacks.

At CCIG, we’re helping our clients stay future-ready by asking the right questions and collaborating with industry experts. Through our partnership with FRSecure, CCIG offers risk assessments, audit prep, penetration testing, and CSIRT risk registration to help our clients minimize risk and improve security programs.

While we can’t predict the future, we can prepare for it. Leverage the expertise of your insurance advisor to identify strategies and practices to maximize your coverage options while effectively managing your costs. Contact [email protected] or call (303) 799-0110 to get in touch with an advisor.

Spencer Mahoney oversees carrier relations, IT, marketing and employee engagement at CCIG. Spencer – who started his career in Boston as a commercial broker in the Life Science space before moving to Denver in 2017 – also heads CCIG’s Life Science and Technology Practice areas. A business graduate of the University of Arizona, he’s a board member of the Colorado Uplift, the Insurance Charitable Foundation (IIFC) and NephCure Colorado.