Invest in Cybersecurity or Pay More for Insurance Premiums
Stephen Taylor
We cybersecure organizations, teams, and their data | 3X INC5000 | Visionary+CEO of LeadingIT, a cybersecurity and IT support firm | Unbeatable guarantee
As cyberattacks continue increasing in volume and severity, cyber liability insurance providers are getting keener on organizations' security postures. The stronger your intrusion detection and prevention systems are, the cheaper your policy is likely to cost. Some insurance carriers may even cancel your policy if they think you don't have sufficient cybersecurity measures.
You must have heard of the school district that reported an increase of over 334% in its cyber liability insurance costs. It was the leading topic on almost every cybersecurity news site late last month. This dramatic rise in premiums from $6,661 in 2021 to $22,229 this year didn't come as a surprise to some people. There has been a continuous spike in costly breaches that have disrupted business operations across the country. Naturally, carriers must increase their coverage costs and enforce more stringent qualifications or risk running at a loss. We all know that the latter is not an option.
How Does Cyber Insurance Work?
To help you understand why the lack of elaborate cybersecurity systems and protocols can increase your cyber policy costs, let's first look at how cyber insurance works. Cyber liability insurance coverage, popularly known as cyber insurance, is a policy that shields you from the costs of cyber incidents. Most carriers offer them as supplements to standard property policies, but you can also acquire them separately.
Depending on the carrier, a policy may cover anything from loss of company data to ransomware payments, downtime costs, arising legal expenses, and any other breach-related losses. They operate like standard insurance covers: if the bad guys infiltrate your systems and compromise your files or operations, you claim compensation for the arising losses.
Why Is Your Cybersecurity Posture Crucial to Insurers?
As you must have realized, policy providers bear all the financial losses from cyberattacks. So, the more vulnerable your systems are to breaches, the larger the payouts from the insurer.
According to The Ponemon Institute, the average cost of a data breach in 2013 was about $136.00. Today, IBM estimates that breach incidents cost organizations about $3.86 million, meaning that insurance carriers now pay out over thirty thousand times what they'd paid less than a decade ago. No wonder the cyber liability insurance market recorded an average loss ratio of 103% last year.
To survive, the cyber insurance industry has to do one thing: tighten qualification requirements and become more stringent on organizations' implementation of proper cybersecurity layers. That explains why MFA is now mandatory.
Implement MFA to Qualify for Cyber Liability Coverage
Initially, cyber insurers simply encouraged companies to implement MFA and left it at that. But, with data breaches and claims on the rise, most policy providers now require all applicants to implement MFA.
MFA is a requirement in order to qualify for cyber insurance coverage
Statistics from Verizon show that most ransomware incidents arise from stolen credentials due to compromised logins. Given that ransomware accounts for almost half of all insurance claims, ransomware prevention can help carriers reduce their exposure. And what better way is there than addressing it from the root cause: unauthorized access?
Multifactor authentication is an extra ransomware prevention layer. As the name suggests, it requires users to verify their identities with one or more techniques. So, even if cyber attackers steal user passwords, they require company-given gadgets, fingerprints, tokens, or any other extra authentication to access corporate accounts and files.
3 Other Cybersecurity Layers That Insurers May Consider
Currently, the focus is on MFA because it's one area that carriers have been insisting on over the last few months. However, that doesn't mean that it's the only qualification. Here are some questions that the policy provider may ask you before processing your application or renewal:
1. Do you have a team monitoring your network?
You never know when the bad guys will strike. You should have a team monitoring your system round-the-clock. The earlier you can spot breach attempts, the faster you can thwart them, and the less severe their effects. Therefore, demonstrating that you monitor your network 24/7 can help lower your cyber insurance rates.
2. How often do you assess your network?
The insurance company may also ask if you conduct regular network audits. There's an emerging trend of cyber attackers camping for several days in targets' systems before launching attacks. According to IBM, it takes an average of 228 days to spot a data breach. During this period, the actors lie low and mine all the credentials they need to launch the deadliest attacks. Periodic network assessments can help spot and eliminate these threats at preliminary stages. Doing so can save the insurer millions and prevent hours of downtime and reputational damage.
3. Do you train your staff on cybersecurity?
Employee training can help prevent data breaches. Over 90% of cyber attacks begin as employee negligence. The insurer may ask how often you train the employees and the method you use. Do you handle the process yourself or work with an IT service provider? How frequently do you retrain the staff? These questions help the insurer gauge your cybersecurity posture and determine your risk levels.
LeadingIT offers 24/7, all-inclusive, fast, and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 10-200 employees across the Chicagoland area.