Cybersecurity insurance premiums have skyrocketed
Happy new year to you! Hope you had or if you’re lucky, still having a good break.
If you are still away from your computer, then don’t read this email now. Instead, take a look at it when you return. I’ll still be here to pester you about Cybersecurity insurance on your return.
Yes. We’ve tried to stop beating the “better Cybersecurity” drum too much, but I’m afraid we’ll never really be done with it. So today, we’re back talking about Cybersecurity insurance.
Let’s talk (yawnnnnnnn) insurance!!!!
Cybersecurity Insurance Premiums Up more than 25% in the last quarter
No insurance premiums saw greater growth in the second quarter of 2021 than those related to cybersecurity.
According to the Council of Insurance Agents & Brokers, cyber insurance premiums grew more than a quarter (25.5%) during that period.
That’s well above the 17.4% increase witnessed by umbrella insurance and an average of 8.3% growth across all premiums.
Why has Cybersecurity insurance increased?
No other factor had as much of an impact on cyber insurance premiums for Q2 2021 as ransomware.
According to ITProPortal, global ransomware volume reached 304.7 million attack attempts in the first half of 2021. That’s more than all attacks in 2020.
At the same time, ransomware costs have risen. In its Cost of a Data Breach Report 2021, for instance, IBM observed that ransomware attacks cost an average of $4.62 million.
Those damages, which included escalation, notification, lost business and response (but not ransom payments), eclipsed the $4.24 million price tag for the average data breach.
Victims turned to cyber insurance to cover their ransomware costs in the age of hybrid and remote work, which has been exploited by hackers since the pandemic started.
Beyond those damages, 64% of insurers said their clients relied on an insurer to help them pay following a ransomware attack.
How can I protect my business from Cybersecurity attacks?
Firstly, please remember that cyber insurance is unlikely to pay out the full amount for a security incident. So you need to ensure you reduce your risk.
1. Understand your risk
Have your systems audited so you know where your weaknesses are. You cannot protect yourself unless you are aware of your situation
Once you have that understanding, then the following activities can reduce your insurance premiums:
2. Get cybersecurity insurance
Having the resources and financial support of an insurance claim will be very important when it comes to dealing with an incident.
3. Reduce your premiums
Here’s a list of 10 things you should be doing that will both help secure your environment and reduce your premiums. Please note that most insurance companies will ask if you’ve been hacked or breached when deciding if they will provide you insurance. So ensuring your environment is as secure as possible always helps.
- Have a penetration test conducted on your network and websites so you can see where your weak points are
- Ensure you have a clear understanding of the sensitive data you store, how much there is and where it’s stored
- Ensure all data is encrypted
- Ensure your IT environment is patched regularly
- Remove legacy (old and unsupported) systems from your environment
- Conduct phishing simulation testing on your staff
- Enrol staff in security training that is conducted annually
- You have a data breach response plan
- All your data is backed up off-site regularly and it is also tested regularly
We are here to help
Please don’t leave your security and protection in the too hard basket. We can help with the above activities and more. And don’t assume that your business can’t be affected by a security incident. Please reach out and we can organise a cybersecurity audit to help you reduce your cyber security risk
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.