A hardening market in the last 24 months has led to a perfect storm for many clients trying to obtain cyber insurance for business. A blend of decreased capacity in the market, the rising cost and frequency of claims, and increased scrutiny from insurers of clients’ systems and protections has made it more expensive and time-consuming for clients to obtain cover.
As cyber insurance claims costs rose amid an epidemic of ransomware attacks, insurers have had to pivot to protect their business and remain profitable.
Problems With Cyber Insurance
Certainly, before 2021 underwriters took a more relaxed approach to risks and requirements, as profitability was so high. Coupled with a desire to grab market share, this led them to waive requirements for certain protections such as MFA (multi-factor authentication).
The tide has now turned. There is now a far greater spotlight on controlling risks, rather than, as previously, looking at what the potential exposure was. What does a loss look like when it occurs, rather than how can it be contained post-event? This creates work for clients and can be time-consuming, without a guarantee of coverage at the end of the process.
Increasing Cost Of Cyber Insurance For Businesses In India
Education, new controls, and system upgrades, which insurers have demanded at the renewal and quote stage, have come as a shock for many, along with huge 80%+ increases in rates. Many predict that rates will stabilize in 2024, but that isn’t a certainty.
Currently, some leading insurers will obtain only binary data at the quote stage and then rely on port scanning and other data mining tools to get a handle on vulnerabilities in order to assess the risk.
Ransomware questionnaires have also become commonplace in the last few years, as a supplementary document that some insurers demand alongside the completed main proposal form.
What Is The Future Of Cyber Insurance For Businesses?
2024 should hopefully see a degree of standardization of process, as the cyber market matures after some challenging conditions. The current lack of consistency between markets can lead to client frustration; not many have the appetite to complete multiple proposal forms.
This will start to move in a healthier direction, with a greater focus on a consistent question set. Insurers will continue to cherry-pick clients in the next 12 months, so those who have the right security controls in place at the quote stage, and the right culture from the top down, will be rewarded.
Much more can be done by brokers and risk managers to advise clients this year. Many brokers see the potential for growth in this space, but relatively few will manage to keep up with the pace of change. The spoils for those who manage to do this are undoubted.
Reason For Rise in Cyber Insurance Claims Costs
The rising cost of cyber insurance claims is driven by ransomware attacks, which are a growing concern for businesses of all sizes. These attacks involve hackers gaining access to a company’s network and encrypting its data, making it inaccessible to the victim. The hackers then demand a ransom payment in exchange for the decryption key.
See the end of the post for stats in relation to some of the increases. Extortion demands have increased exponentially, with the average demand being over $1,000,000 for the first time and cyber criminals using novel and increasingly aggressive methods to demand large payments.
Businesses need to take proactive steps to protect themselves and their systems, not just to be in line with insurer requirements, but because it protects their businesses. Insurers like to see a proactive client, not one who reacts to the demands and subjectivities of an insurer, but one who sees the protection of its data and systems as a central theme to success and healthy culture.
MFA for remote desktops has generally become a standard requirement for underwriters rather than a ‘bonus’, and there is a much greater and, some would say, healthier focus on cyber hygiene. One key focus for insurers is how regularly clients back up all critical data, including financial records and customer information.
This way, they can assess how able the company is, if an attack does occur, to restore its data without having to pay the ransom. Protecting the ‘crown jewels’ has never been more important. Can your business afford to pay Rs 10,000,000 to restore your system?
How To Protect Your Business From Cyber Threats?
Here are some of the key measures that cyber insurance companies look at when it comes to protecting your business and systems:
- Daily Data Backup: Back up your data on a daily basis. This includes all critical data, such as financial records and customer information, so that in the event of a ransomware attack you are able to restore it.
- Keep software and systems up to date: Keep all system software updated with the latest security patches, as these help prevent your business from being exploited by hackers.
- Use anti-virus and anti-malware software: Install antivirus or anti-malware software such as Kaspersky, Avast, Norton, etc. for regular maintenance of your computer systems, or use Windows Defender to detect and prevent malware from damaging your systems.
- Train employees: Train your employees about the dangers of phishing and other scam tactics, which helps prevent them from accidentally installing malware on company systems.
- Implement User Access Controls (UAC): User Access Controls (UAC) restrict access to sensitive data and give access only to those who need it.
- Use Cyber Insurance For Businesses: A cyber insurance policy can help businesses, in India or anywhere in the world, protect their data and protect themselves from the costs associated with a ransomware attack, such as the cost of restoring data, paying the ransom, and legal fees.
Education is key, as employees remain the weakest link in the chain. It’s absolutely worth looking at Cyber Essentials. This will allow your company, post completion of training, to obtain the correct credentials and certification.
It is strongly advised that you work with experienced brokers who can advise on what the requirements are for insurers at a multitude of levels.
- In the first half of 2022, there were around 236.1 million ransomware attacks globally.
- During 2021, at least 15.45% of internet users worldwide experienced at least 1 malware-class attack, which includes ransomware.
- According to a Kaspersky report on ransomware attacks, there were 366,256 unique users who defeated those ransomware attacks in 2021 alone.
- Ransomware accounted for around 20% of cyber breaches in 2022. For comparison, using stolen credentials (hacking) accounted for 40% of breaches in 2022, and phishing accounted for around 20%.
- The incident rate for ransomware attacks was lower in the US (7%) compared to the worldwide average (37%) in 2022.
- Just 13% of organizations reported suffering a ransomware attack and not paying the ransom in 2022.
- The FBI reported an increase in the number of ransomware attacks during holidays and over the weekends (days that the FBI offices are closed).
- The FBI’s Internet Crime Complaint Center (IC3) reported receiving 2,084 complaints relating to ransomware incidents between January and July 2021, with losses amounting to $16.8 million.
- At least 130 different ransomware families have been uncovered. Gandcrab is the most active family, with 78.5% of reported attacks attributed to it.