Cyber insurance is a topic that typically flies under the radar when discussing the economics of cyber attacks. However, as we head into the new year, many believe that 2016 will see it take the spotlight.
With high profile cyber attacks exponentially increasing over the past year, cyber insurance premiums have skyrocketed. Insurers are significantly increasing premiums for some companies, leaving “high risk” organizations scrambling for cover. There are even some cases where insurers are limiting the amount of coverage to $100 million. With the rate at which cyber attacks are growing in both volume and complexity, it would be no surprise if next year sees firms exposed to losses that end up costing more than twice that. From a technology perspective, it’s been predicted that cyber insurance requirements will be the key driver of cyber security improvements over 2016.
Evidently, now is the time for organizations to ensure that they are well protected without having to dig too deep into their pockets.
Cyber Insurance Challenges in The Digital Age
One of the key reasons for the soaring premiums over the past year has been the growing underwriting challenges facing the insurance industry for cyber security.
Today, cyber criminals are an increasingly diverse group, displaying a greater variety of motives and desired destructive outcomes as they go after both traditional (financial services, retail, government) and non-traditional (power plants, consumer sites & applications) victims. Criminals are also employing a wider range of attack methods that are ever-evolving technically.
With the underlying risks changing so rapidly, it is becoming extremely difficult to keep up risk analysis for underwriters and business alike. Even when an organization is more serious about purchasing cyber insurance, companies themselves have difficulty in presenting a picture of their risk that is relevant to underwriters. There is a fundamental lack of understanding regarding the exposure at all levels, and the uncertainty is pushing premiums to an all time high.
Curbing Cyber Insurance Costs
So how can you reduce the cost of your organization’s cyber security insurance?
Generally, having a robust and well tested security programs and response plans in place that is superior to competitors tends to result in lower premiums. This would usually be reflected in an organization’s ability to demonstrate proactive and effective strategies to protect customers from malicious attacks.
While risk analysis is generally proving difficult for underwriters, organizations that are able to show they are taking a proactive stance to address the impact of cyber crime and fraud, for example by using a solution such as Agari to secure and authenticate its email channels, will benefit from lower cyber insurance premiums.
How Protected Are You?
Clearly, this shows a healthy understanding in the insurance industry that proactive protection means less risk – even if that risk is not fully understood. However, businesses should not think they are protected simply because they have cyber insurance.
The reality is that while insurance will put some money back into the organization after a breach or attack, it will not restore consumer confidence or stop the regulators monitoring your organization.
An organizations’ primary concern should be protecting customers and employees. Insurance policies will cover some financial expenditure related to dealing with a data breach, but it does nothing to protect customers’ data.
As Patrick Peterson, Agari’s CEO, told Inc:
“People think cyber risk is completely a financial issue. They are completely missing the boat. If they care about the financial issue, do a cost-benefit analysis. No one says they have great health insurance and decides not to care about their health, so it’s important we don’t think about cyber insurance the same way … It is a worthwhile investment to get cyber insurance, but it is not the solution. You’re not covered [in terms of data protection], you just get some lost money back. The actual impact on your business is far greater than the financial costs – it’s your brand, your reputation, government oversight, and your job if you get breached like Target. There’s no CEO job insurance.”
If you’d like to learn how you can protect your organization from the fall-out associated with a breach, check out our actionable Breach Response Plan.