What Is Cybersecurity Insurance?

Posted on by

Cyber Insurance

While cybersecurity insurance is still a pretty new concept for many small businesses, it has been around since the 1990s to provide coverage for mainly large enterprises. Back then it covered things like data processing errors and online media. Since that time, the policies for this type of liability coverage have changed.

Today, cyber insurance policies cover the typical costs of a data breach, including remediating a malware infection or compromised account. The policies will cover things like:

  • Recovering compromised data and repairing compromised systems
  • Ransomware payments (Note: payments to hackers may be illegal in some countries).
  • Mandatory customer notifications about the data breach
  • Providing personal identity monitoring to any affecting people.
  • IT forensics / cyber security professionals to investigate the breach
  • Any legal expenses

The number of data breaches and their costs continue to rise. 2021 set a record for the most recorded data breaches on record and in the first quarter of 2022, breaches were up 14% over the prior year.

Both large and small business are a target and no one is safe, with about 60% of small businesses close down within 6 months of a cyber incident.

The increase in online danger and rising costs of a breach have led to cybersecurity insurance industry being in a constant evolving model. Businesses also need to keep up with these trends to ensure they can stay protected.

Here are some of the cyber liability insurance trends you need to know about.

Demand for Insurance is Going Up

The average cost of a data breach is currently $4.35 million (global average). In the US, it is more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.

Companies of all types are realising that cyber insurance is critical and is as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.

With demand increasing, this means more competition and more policy options, which is good for those seeking coverage.

Premiums are Increasing 🙁

Despite there being more competition in the insurance industry, premiums are increasing as the costs from lawsuits, ransomware payouts and other remediation task have significantly increased over the past few years.

With the increase in cyberattacks has come an increase in insurance payouts and insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%.

Certain Coverages are Being Dropped

Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks (ie attacks that come from a government) and ransomware.

Many known hacking groups have ties into various governments, so an attack could very well be in the nation state category. In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes this type of attacks, be wary.

Insurance carriers are tired of unsecured clients relying on them to pay the ransom to get back access to their encrypted data. So many are excluding ransomware payouts from their policies. This puts the responsibility back on business owners to ensure their backup and recovery strategies are well planned.

It Is Harder to Qualify

Just because you want cybersecurity insurance, does not mean that insurance companies will provide the service to you. Insurance companies are not willing to take chances on companies with no or poor cyber security policies.

Some of the factors that insurance companies look for include:

  • Local network security
  • Cloud account security policies (such as Secure Score for M365).
  • Use of policies such as multi-factor authentication.
  • BYOD and device security policies.
  • Use of advanced threat protection security software.
  • Automated security processes
  • Backup and recovery policies
  • Administrative access to systems
  • Anti-phishing tactics
  • Employee security training

You will often need to fill out a lengthy questionnaire forms when applying for insurance. This document will ask questions about your cybersecurity situation, and it is a good idea to have your IT partner help you with this.

This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT provider can identify security improvements and with your permission implement them. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.

It will pay to do a cybersecurity review before applying for cyber insurance as you can save yourself time and money. It can also strengthen your defences against cyberattacks.

Need Help Making Sense of Cybersecurity Policies?

Cybersecurity coverage and insurance applications can be very complex and confusing. If you answer wrong on a question, it can mean paying hundreds more in premiums than you should. So don’t go it alone, if you are in Australia give DP Computing a call and schedule a consultation. We can then explain the policy details in plain English and provide guidance and help.