Rise of Cybersecurity Insurance – The Value and Limits

19
Rise of Cybersecurity Insurance – The Value and Limits

Despite increased investment in cybersecurity insurance, there has been a significant increase in the risks from attacks.

With technological advancements, there has been a rise in cybercrimes, and cybersecurity insurance is no longer a luxury. Cyber-attacks cost organizations thousands of dollars. It affects the organizations’ reputation and puts massive amounts of data at risk. As attacks have advanced and become expensive, the idea of hedging against such attacks has also become popular.

Staying up to date with the constantly evolving technology can be challenging, but companies must remain vigilant to prevent any liability floating in cyberspace. As per the October 2020 report from ResearchAndMarkets, the global cyber-insurance market now stands at $7.8 billion, and it’s projected to reach $20.4 billion by 2025.

The need for cyber-insurance has increased since the coronavirus pandemic began, and organizations worldwide started functioning remotely.

Read More: Encryption-based Cyber Attack Spiked by 260% Amid the Pandemic Era

Many organizations have started incorporating cybersecurity insurance into their overall business strategies. Unfortunately, cybercriminals are smart and have started realizing that there is a huge opportunity to benefit from insurance.

These days cybercriminals do reconnaissance before they pull the trigger on a ransomware attack. They see the value of a particular cyber-insurance and demand ransom.

The harsh reality is that many organizations opt to pay the ransom. The goal is to get systems up and running instead of wasting precious time dealing with the expense of restoring data. Unfortunately, this approach is also driving up the price of policies and contributing to a more aggressive approach.

As per the 2020 Cyber Insurance Claims Report from insurance provider Coalition, over 40% of cyber-insurance claims now involve ransomware. The firm reports a 260% increase in the frequency of ransomware among its policyholders. The report also says that cyber losses for a typical claim range from $1,000 to $2 million.

CISOs note ransomware is a significant risk factor, and large enterprises aren’t the only ones getting affected. Cybercriminals now quickly access the company’s network and ascertain the ransom it can afford to pay and then adjust the amount accordingly.

The biggest risk is when these cybercriminals access sensitive data, legal information, and intellectual property and then threaten to post it on a public platform if their ransom demands are not met.

It’s not just the ransomware attacks; increased incident response costs are also driving higher losses for companies in highly regulated industries. These companies experience data breaches as they need more resources to navigate a more complex regulatory landscape.

Read More: The Need for Identity and Access Management in Corporate Risk Literacy

CISOs believe, with so many high-profile cases being reported, the marketplace for cyber-insurance will continue to harden for companies that don’t implement specific compensating controls.

Unfortunately, there’s no end in sight. The insurance industry is pushing for more rigorous cybersecurity measures. The companies now need to use protections like multifactor authentication, specific time frames for installing critical patches, endpoint application isolation, wire transfer verification, and an effective backup strategy. Some even call for cybersecurity training for employees.

With cybercriminals getting more sophisticated and with easier access to malware, ransomware attacks in all likelihood will continue to increase in severity and frequency. This, in turn, will continue to increase the demand for comprehensive cyber-insurance solutions. However, one thing is sure: insurance will continue to play a significant role in protecting companies.