By Melissa Davidson
Cyber insurance, which not too long ago was thought of as a want and not a need, is now considered a primary component in many business insurance policies. Cyberattacks are on the rise with breaches becoming more frequent and losses becoming more severe.
According to AM Best, “The loss ratio for cyber insurance rose dramatically in 2020, [up] to 67.8 percent from 44.8 percent in 2019. However, the increase was not limited to just a few insurers—the loss ratio rose for 15 of the 20 largest cyber insurers.”
Cyber liability insurance generally covers a business’s liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.
Covered costs can include lost income due to a cyber event, costs associated with notifying customers affected by a breach, costs for recovering compromised data, costs for repairing damaged computer systems and more. Moreover, cyber coverage is not automatically included in general liability coverage and is generally excluded. This coverage needs to be purchased separately.
Cyber insurance claims can be triggered by an assortment of incidents, but currently the most common are ransomware, fund-transfer fraud attacks, and business email compromise scams. The cost of cyber insurance will depend on the size of the business and the annual revenue generated. Because the market is changing rapidly, so is the application process. It is becoming more involved as companies conduct cyber assessments (to evaluate whether adequate cybersecurity defenses are already in place) before approving coverage.
Many carriers are now requiring companies to use multifactor authentication (MFA). One factor is something only you know, like a password. Other factors may include a device only you have access to, like a token or a smartcard, or biometric identification through a fingerprint. For example, being asked to input a code texted to your cell phone after entering a password on your computer is MFA.
Adding MFA helps to protect a business by adding an additional layer of security, making it more difficult for cyber criminals to gain access to sensitive information. Unfortunately, passwords alone do not offer enough protection, as they are frequently compromised and posted on the dark web. Therefore, best practices include requiring employees to use complex passwords and having multifactor authentication in place to keep your organization’s cyber defenses resolute and robust.
Have you ever received an email that looks exactly like a co-worker’s email address? Social engineering, or phishing, is an attempt to convince a user to take an action under false pretenses.
It is an effective way for attackers to get around existing technological defenses. It is highly advised that all employees receive periodic security awareness and phishing training to ensure that they are following policies and procedures regarding security threats.
The best way to minimize your exposure is to employ regular training and phishing exercises which can closely replicate all types of social engineering tests. Companies should have a comprehensive written policy and program in place just as they would for workplace safety and other important topics.
You may have heard the statement, “It’s not a question of if your organization will suffer a breach, but when.” As the frequency of cyberattacks continues to increase, the way cyber insurance operates will continue to evolve. Cybercriminals continue to wreak destruction on businesses of every size.
According to the National Security Institute, the average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. Ransomware is an ever-growing issue in the cybersecurity space and continues to shape the insurance landscape today. Take the steps to prevent an attack and data loss within your organization. The alternative isn’t worth the risk.