Cyber Insurance: Will Your Coverage be Canceled?

Written by Dave Lazor | Thu, Oct 21, 2021

Here’s how to avoid losing coverage come renewal time.

What Steps Do We Need to Take to Secure Coverage?

Obviously, for you, cyber insurance is all about minimizing your cybersecurity liability, but insurance carriers have skin in the game, too. In order to maximize their profit, they have to minimize their own liability, which means they won’t cover you unless you’ve taken certain cybersecurity precautions to protect your business. Things like multi-factor authentication, an iron-clad incident response plan, and offline storage of backup databases are a few of the critical components cyber insurance carriers evaluate when determining coverage.

The key to securing adequate coverage–at an affordable premium–is to make your cybersecurity profile as attractive as possible to the underwriters. The same is true when it comes to renewing your cyber insurance policy.

The Rising Cost of Cyber Insurance

In the United States, the average annual cost of cyber insurance for a business with $1 million in annual revenue is $1,485, based on a $1 million liability limit with a $10,000 deductible. But premium prices are increasing–fast. Standard & Poor’s Corp. recently predicted cyber insurance premiums will increase on average 20-30% per year, but rate increases of up to 60% are already not uncommon. And while premiums are increasing, limits and coverage are actually declining because insurance carriers are struggling to maintain profitability as the frequency and severity of cyber insurance claims continue to rise.

The cost of cyber insurance depends on the nature and size of your business and the state in which your business operates, as well as the steps you’ve taken to secure your business.

To help you identify holes in your cybersecurity that could lead to loss of coverage or, at a minimum, higher premiums, we’ve put together these questions to run by your technology team:

  1. Does your company have documented cybersecurity practices that are enforced?

  2. Does your company have at least one team member assigned to actively manage cybersecurity and regularly ensure all networks, systems, and accounts are up to date?

  3. Do they regularly review account access privileges—especially for those with administrative access—and make revisions when necessary?

  4. Do they regularly check for and install patches?

  5. Do they seek out and replace technology that is no longer supported?

  6. Does your company have a cybersecurity incident response plan that is reviewed every 6–12 months?

  7. Does your company conduct quarterly security awareness training for employees?

  8. Does your company conduct simulated email phishing attacks?

  9. Are your backups encrypted to help protect them from a bad actor or hacker?

  10. Are your backups isolated from your network and kept either offline or in the cloud to minimize the risk of a hacker accessing them if your network is compromised?

  11. Are you testing your backups regularly for effectiveness?

  12. Does your company have an endpoint protection platform (EPP) in place?

  13. Does your company require multi-factor authentication (MFA) to access email, company networks, and systems through a VPN or remote desktop service?

  14. Does your company require MFA to access administrator accounts and functions, even from within your network?

  15. Does your company actively manage its email platform to address possible compromise and limit damage?

  16. Does your company employ banners to identify emails that come from external senders?

  17. Is the leadership team briefed on any cybersecurity incidents (suspected as well as confirmed) as soon as they occur?

Can We Drop Our Cyber Insurance Coverage?

I wouldn’t recommend it. This year, a ransomware attack on a business will occur every 11 seconds. That’s more than five ransomware attacks every minute–24 hours a day, seven days a week. In 2021 alone, the global cost of ransomware recovery is set to exceed $20 billion, and as more companies go digital, that number will only get bigger. In fact, experts predict the cost to hit $265 billion in 10 years. And this is only one of the cybersecurity threats businesses, big and small, face on a daily basis.

Really, all it takes is one data breach to destroy your revenue or, worse yet, your brand’s reputation. Right now in the United States, the average data breach cost is $217,000 per incident, with a median cost of $179,000. And the fallout can be swift. An alarming 60% of small businesses go under within six months of a cyberattack.

The good news is, there are multiple ways to keep your company secure from cyberattacks. The bad news? Cybercriminals are relentless and are always looking for new vulnerabilities to exploit. Case in point: In April 2020, as the COVID-19 pandemic forced the world to go virtual and the web conferencing platform Zoom was flooded with new signups, hackers struck. The login credentials of 500,000 users were either sold or freely published on the dark web.

Bottom line? The need for cyber liability insurance is greater than ever.