4 Ways Cybersecurity Insurance Coverage is Changing to Reduce Carrier Risk

One of the major crisis events that can seriously hurt a company and even put some out of business is a cyberattack. Costs of ransomware attacks and data breaches have continued to climb each year, and they now rival the cost of major physical disasters that can cause a company to be seriously damaged (hurricane, tornado, etc.).

The average cost for a data breach in 2020 was $4.24 million, which is 10% higher than the prior year. When companies are hit with malware, insider attacks, credential theft, ransomware, or other attacks, downtime can mean hundreds of thousands of dollars in lost business, plus lost customers and remediation costs.

Cybersecurity insurance was introduced in the late 1990s and has continued to evolve with the threat landscape. It has become just as important a safety net for companies as other types of business liability insurance.

Some of the typical things that are covered by cyber liability insurance include:

  • Identity theft remediation for customers or employees that had information compromised
  • Legal costs
  • Forensic information technology services
  • Public relations services for reputation damage control
  • Legal defense costs
  • Data restoration/recreation
  • Restoring computer systems
  • Lost business during downtime
  • Cost of the ransom paid to a ransomware attacker

This type of insurance can provide important protection against financial ruin if a small business becomes the victim of a cyberattack. 47% of surveyed small businesses have had at least one cyber attack in the past year.

Insurance Carriers Are Getting Worried About Cyber Attacks

If you have cybersecurity insurance or were thinking of getting it, there are some important trends happening in the industry you need to be aware of. Due to the rise in attack volume and in the costs of remediating an attack, insurance carriers are reducing coverage and beginning to refuse to cover certain types of threats.

This means businesses will be more at risk if they don’t make important cybersecurity enhancements to improve their defenses against cyberattacks. 

What’s Changing with Cyber Liability Insurance?

1. Dropping of Coverage for Attacks by “Nation-States”

One big announcement in the cyber insurance industry was by carrier Lloyd’s of London. At the end of 2021, it announced that it would no longer cover data breaches and other attacks that were perpetrated by nation-states

There are many state-sponsored hacking groups that conduct global attacks both on the infrastructure of other governments and on businesses. In addition to stealing government or proprietary secrets, these are also done to make money.

For example, an attack that originates with a state-sponsored hacking group can take advantage of a system vulnerability and launch ransomware. The hackers collect the ransom payments (which can be in the millions of dollars), and that money is then used by the nation to add to its coffers. 

With some carriers no longer covering these types of attacks, a business could end up having no safety net, when they thought they would be covered.

2. Eliminating Reimbursements for Ransom Paid to Ransomware Attackers

Ransomware demands skyrocketed by 518% in 2021. The average ransomware payment is now $570,000. 

Ransomware attacks have also been on the rise, and unfortunately, a majority of companies end up paying the attackers to get operations back up and running as fast as possible. 

This has led insurance companies to begin dropping payments for ransoms in their policies. Insurance carrier AXA recently announced that it would no longer provide any reimbursement for ransom paid to attackers. 

This makes it more important than ever for companies to ensure they have a solid backup and recovery solution. This ensures they can quickly have systems cleaned of the ransomware and restore their data in the event of an attack, without needing to consider paying a ransom. 

3. Increasing the Cybersecurity Requirements Companies Need to Meet

It’s becoming more difficult for companies to get cybersecurity insurance. Insurers are no longer wanting to cover businesses that aren’t following best practices and that do not have advanced IT security measures in place.

Some of the questions, you’ll see added to insurance coverage applications would be related to multi-factor authentication, privileged account management, and advanced threat protection capabilities.

4. Raising the Cost of Cyber Liability Insurance Policies

Along with drops in coverage and more stringent cybersecurity insurance requirements, carriers have also been increasing coverage costs to keep up with the rising threats and the cost of payouts.

During the first quarter of 2021, premiums for policies that covered ransomware payments saw double-digit increases each month. So, if you can get cyber liability insurance, you can expect to pay more for less coverage than just a year or so ago.

Schedule a Cybersecurity Audit & Improve Your Defenses

Cloudadvize can help your Dallas-Fort Worth business improve your cybersecurity defenses, so you are at a much lower risk of suffering a costly cyberattack.  

Contact Cloudavize today for a free consultation to get started.