The FBI’s Internet Crime Complaint Center (IC3) saw a 69% increase in the number of cybercrime reports it received in 2020 compared to 2019. On average, the FBI received 2,000 cybercrime reports per day in 2020.
The importance of cyber insurance for businesses is becoming more and more prevalent. In the last 12 months, we’ve witnessed some of the largest cyberattacks, such as the Colonial Pipeline ransomware attack and the Microsoft Exchange hack in 2021 as well as the SolarWinds supply chain breach and the cyber-attacks that targeted the health sector in 2020. These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.
The business importance of cyber insurance is continually growing. Recent trends in remote work and the emergence of new technologies such as IoT leads to increasing connectivity and exposure to cyber risk and further emphasize the importance of cyber insurance for all businesses.
Cybersecurity and the Seatbelt Analogy
We all wear seatbelts, and we hope we don’t ever need them, but we want them there when things go wrong.
Seatbelts have been around since the 1950's and legislation to require the installation and use of seatbelts is now the norm. The creation and legislation of seatbelts and later airbags were a reaction to preventable injury and death as a result of an accident or a sudden stop. Cybersecurity measures, including cybersecurity insurance, and legislation are a reaction to help prevent security incidents. Similarly, cyber insurance is a security mechanism just like a seat belt.
Seatbelts don’t enable driving; they enable driving safely. Applying effective security controls doesn’t enable organizations to conduct their business, it enables organizations to conduct their business safely.
Cyber Insurance Firms at the White House Cybersecurity Summit
On August 25th, 2021, Business leaders from key sectors met with President Joe Biden at the White House and pledged to help harden cybersecurity defenses for our country. Biden called the meeting to discuss how industry and the federal government can work together to improve cybersecurity when confronted with devastating ransomware and cyberattacks.
Participants discussed how they could enhance user security by comparing the push to the standardization of automotive seat belts and airbags, another reference of the seatbelt analogy. Attendees included technology corporations, NIST, water and energy sectors, the banking and insurance industries, and academic institutions.
The CEO of Resilience Cyber Insurance Solutions announced “we will require policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage. The insurance industry is uniquely positioned to have a mutual stake in the fight against ransomware. We want our companies to be stronger, more cyber resilient, when partnered with us. If our clients get hit, the insurance pays that loss. Our client’s cyber risk is our cyber risk.”
The Chairman and Chief Executive Officer of cyber insurance company The Travelers Companies, Inc. stated “At the White House, I highlighted the critical role that the insurance industry plays in strengthening America’s cybersecurity. Insurers help organizations manage cyber risk efficiently and effectively, including by conducting cyber risk assessments, advising on hardening cyber defenses and providing ongoing monitoring of cyber vulnerability. After a breach has occurred, insurers provide technical expertise and financial support to facilitate recovery. Working together, the industry can also identify and share trends in the cyber risk environment and promote the adoption of cybersecurity best practices.”
Image courtesy of Travelers
Cyber Insurance Predictions and How It Will Impact Organizations
There’s no crystal ball here, but odds are we will see an increase in regulations that require certain types of businesses to purchase mandatory cyber insurance, potentially starting with financial institutions and healthcare.
We’re already seeing it. Applications just a couple of years ago were brief and getting cyber insurance coverage was fairly simple. But the financial impact of ransomware over the past 18+ months has really hurt insurance carriers. Applications today are pages and pages of critical cybersecurity defense questions.
As mentioned previously, it’s no secret that previous cyber coverages did not properly price for today’s cyber risks. With the frequency and severity of claims on the rise, cyber insurers have started to tighten their risk requirements and charge higher premiums.
Cyber Insurance Termination:
Expect cyber insurance cancellations and a rush to obtain new coverage, again at much higher rates. To obtain coverage and ensure the best rates, organizations will need to demonstrate the proper cybersecurity hygiene demanded by cyber insurance underwriters.
As ransomware and cyberattacks continue to hit businesses at a skyrocketing pace, the cyber insurance market continues to adapt and change with the growing risks. The impact on businesses is now evident in premium increases and stricter risk requirements.
Teknologize is a Managed Service Provider with clients throughout the Pacific Northwest with offices located in the Tri-Cities, Washington 509.396.6640, Yakima, Washington 509.396.6640, and Bend, Oregon 541.848.6072. Questions about cybersecurity? Give us a call today!