Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.
Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach, including remediating a malware infection or a compromised account. Cybersecurity insurance policies will cover the costs for things like:
- Recovering compromised data
- Repairing computer systems
- Notifying customers about a data breach
- Providing personal identity monitoring
- IT forensics to investigate the breach
- Legal expenses
- Ransomware payments
The increase in online danger and rising costs of a breach have led to changes in this type of insurance.
No one is safe. Even small businesses find they are targets. They often have more to lose than larger enterprises as well.
The cybersecurity insurance industry is ever-evolving. Businesses need to keep up with these trends to ensure they can stay protected.
Demand is going up
The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.
Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance.
With demand increasing, look for more availability of cybersecurity insurance.
Premiums are increasing
With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%. Insurance carriers aren’t willing to lose money on cybersecurity policies.
Certain coverages are being dropped
Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government.
Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.
In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.
Another type of attack payout that is being dropped from some policies is ransomware.
Insurance carriers are tired of unsecured clients relying on them to pay the ransom. As a result, many are excluding ransomware payouts from policies. This puts a bigger burden on organizations.
It’s harder to qualify
Just because you want cybersecurity insurance doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances, especially on companies with poor cyber hygiene.
Some of the factors that insurance carriers look at include:
- Network security
- Use of things like multi-factor authentication
- BYOD and device security policies
- Advanced threat protection
- Automated security processes
- Backup and recovery strategy
- Administrative access to systems
- Anti-phishing tactics
- Employee security training