Melbourne Business: Get the inside scoop on what’s changing in cybersecurity insurance
Yikes, $17.55 for a packet of sliced cheese.
I mean, lettuce topping out at $11 a few months ago was crushing for the average family grocery bill. It made Taco Tuesday suddenly very expensive. I don’t know about you, but cabbage is not a mouth-watering swap for iceberg lettuce.
Covid, supply chain issues, a war in Ukraine, then floods have all shattered the price of everyday food on the Coles and Woolies shelves.
With families and businesses under a sustained cost of living crisis, it’s no wonder many start to look to trim the cloth where they can. For some households, it’s dropping Netflix. For others cutting back on their daily caffeine fix, and for some, it’s increasing their insurance excess to lower the premiums.
Of course, there are many ways to save on insurance. Reduce your sum insured. Maybe you don’t think you need gold-level extras or shop around for a better deal.
Here’s the truth, insurance can sometimes be unaffordable. And when Medibank Private was hacked, they revealed they couldn’t afford cybersecurity insurance.
Unlike Medibank Private, cybersecurity insurance is still a new concept for many Melbourne businesses. However, during the 1990s, insurers introduced cover to guard against cybercrime for large enterprises.
The insurance covered events like data processing errors and online media.
But since then, the policies for this liability coverage have changed. Today, you can expect a cyber insurance policy to cover the typical costs associated with a security data breach, remediating a malware infection or compromised account.
A comprehensive cybersecurity insurance policy can cover the unexpected costs of events such as
- Recovering compromised data
- Repairing IT systems
- Helping notify customers about a data breach
- Providing personal identity monitoring
- IT forensics to investigate the breach
- Legal expenses
- Ransomware payments
Data breach and cybercrime continues to rise, with 2021 setting a record for the most recorded data breaches. We have seen major Australian household brands targeted in 2022, and in just the first few months, breaches increased by 14% to the prior year.
It has become essential that all sizes of businesses maintain robust IT security policies. In fact, a recent study found 60% of small businesses are crippled by a cyberattack leading to closing within six months.
Many Melbourne businesses continue to turn to cybersecurity insurance to head off this escalating threat. But with more companies taking out this cover, premiums are increasing alongside the rise in cyberattacks.
Here is the latest news on cybersecurity insurance trends.
Increased demand for cover
Last year, a data breach cost an average of $USD 4.35 million globally. In Australia, it’s currently $AUD 3.5 million, though that’s expected to increase in 2023 due to Optus hacking. In the United States, it’s more than triple that, at $9.44 million. As these costs continue to skyrocket, so does the demand for cybersecurity insurance.
Many businesses and companies recognise that insurance is a critical investment with the growing threat of cybercrime. For many, it’s as essential as their business liability insurance. Without that cyber insurance protection, they can suffer significant financial and reputational damage from a single data breach.
Premiums are surging
An increase in cyberattacks has led to a significant increase in insurance payouts. So insurance companies need to increase premiums.
Cybersecurity insurance premiums rose by a staggering 74% throughout 2021. The costs from lawsuits, ransomware payouts, and other remediation have driven this increase.
Insurers are dropping cover for some events.
You may find that cyber insurance policies no longer cover certain events. For example, some insurers are dropping coverage for “nation-state” attacks. These are defined as an attack carried out by a foreign government.
Many governments have known ties to hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.
21% of nation-state attacks were carried out against consumers, and 79% against companies in 2021. That’s why you should pay particular attention to policy exclusions to ensure you understand what events are covered by insurance.
Ransomware attacks have increased by 24% during the first two quarters of 2022. This has seen insurers exclude cover for ransomware. By excluding ransomware as an insured event, it falls on your business to ensure you have adequate backup and recovery plans.
It’s becoming more challenging to qualify for cover
Insurers will continue introducing stricter qualifications when assessing your application for cybersecurity insurance. So it’s more complex than applying for a policy and the insurer automatically accepting it.
Increasingly, insurers are considering factors that include:
- Overall network security
- Contextual authentication like MFA
- Bring Your Own Device and security policies
- Advanced threat protection
- Automated security processes
- Backup and recovery strategy
- Administrative access to IT systems
- Anti-phishing tactics
- Employee security training
In many cases, you’ll need to complete a comprehensive insurance application, including several questions about your cybersecurity situation. It makes sense to have your IT-managed service provider help you.
Whilst it may appear to be a lot of work to qualify, the process can also serve as a way to review your current IT security. When you identify security vulnerabilities, you can take steps to remedy them now. And this could even lead to reduced premiums if you’re accepted.
Whatever you do, ensure your policy covers social engineering attacks. This is the number 1 method of infiltration and is usually not on default policies.
Cybersecurity insurance can be complex. Let us help.
Reviewing your existing IT security can help you save both time and money when considering insurance. We can help your Melbourne business conduct a review before applying. Schedule a call for a no-obligation discussion.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.