Cybersecurity Insurance - The Growing Cost To Your Business
While cybersecurity insurance has been available for over 20 years, both the market and the industry are rapidly changing. While initially created to protect individuals and businesses from internet based risks (including hacking and phishing), businesses' increased dependence on data storage and digital communication has pushed the industry to grow beyond its ability to assess risk. Not so long ago, coverage for cyberhacker damages might have been included in a standard commercial property and casualty insurance policy. But with the costs from malicious acts rising as quickly as bad actors find their way past the newest security measures, dedicated cybersecurity policies are now the go-to for businesses looking for protection.
In 2016, 26% of businesses bought cyber insurance; by 2020, that number nearly doubled. Statista.com reports the global cyber insurance market is likely to continue to experience rapid growth over the next five years, with the total market size increasing from around 8 billion dollars in 2020 to just over 20 billion U.S. dollars by 2025. With so much demand putting dollars in the pockets of insurance companies, one might surmise, premium prices should be expected to fall. However, in fact, many analysts are estimating annual premium increases of 30% or more as the number and cost of cyber-attacks continue to rise dramatically each year.
Fullsteam Insurance reports the top cyber insurance claims result from data breaches, cyber liability and cyber extortion. Data breaches account for the majority of insurance claims, with the average U.S. data breach costing $4.35 million. While the most expensive breaches make headlines, the cost to small and medium businesses can be staggering and catastrophic. With each incident averaging a cost of several hundred thousand dollars, Inc. reports 60% of small and medium sized businesses are out of business within six months of a data breach.
Recovering from a data breach can extend beyond repairing your company’s reputation and the associated costs of getting back to business. Cyber liability is a major cost to insurance companies and a big reason for premium increases. Imagine a hacker, posing as a known contact, is able to convince one of your employees to send sensitive information and that information ends up compromising another company’s security. When the forensic evidence points to the vulnerabilities in your business’s protocol as the reason the second company suffered damages, the time and resources spent to settle the resulting lawsuit are extensive. These costs can be covered by cyber insurance, but they will certainly be passed on to policyholders.
Cyber extortion affected nearly 20% of companies in 2020, with 50% agreeing to pay the ransom demanded to stop the cyberattack. Cyber extortion, most commonly occurring as ransomware, takes place when cybercriminals disable a company’s operations or gain control of sensitive data, and then demand payment before releasing the system and returning the data. Infamous ransomware attack victims include oil pipelines and Swiss airports, but SMBs are equally vulnerable. Imagine you run a business, say a golf course, that depends on software for customers to make tee times and that same software is tied to your point-of-sale system, which holds all of your daily accounting records. When hackers gain control of that system, how much is it worth to restore your ability to conduct business? With cyber insurance, the carrier negotiates with the hacker, pays for your loss of business income and covers the fees to resecure your system. Despite the rising cost of cyber insurance premiums, it is hard to conceive of a business operating in today’s digitized world without this type of protection.
Investment in cybersecurity can reduce premiums. The cost of cyber insurance for any individual business will vary based on a number of factors. Industry experts agree that it is far less expensive to prevent a cyberattack than to recover from one. A company’s vulnerability to cyber-attacks, coupled with the number of claims filed will be leading determinants in a business’s cyber insurance premium. These concerns can be mitigated by maintaining a complete cybersecurity plan. Before seeking cyber insurance, consider implementing a MDR solution. Managed Detection and Response (MDR) is a cybersecurity service offering organizations remotely delivered modern security operations center (MSOC) functions at a reasonable cost. Though different companies face different security challenges, MDR gives businesses of all types and sizes the opportunity to access the experts who can monitor, analyze and respond to threats in a timely manner without the expense of an in-house security team.
NuSpective and their partners are leaders in the cybersecurity industry, prepared to evaluate an organization’s security needs and offer custom tailored solutions.
