Rethink Cyber Insurance Spending

The cyber insurance market has completely changed since June 2021. In just 12 months, the problems inherent within the cyber insurance market have resulted in a rapidly shrinking market, shrinking coverage, shrinking pay-outs, and increasing premiums.

At the same time that cyber attacks have increased, and the rise in successful ransomware attacks within the UK is now at record levels, with the average ransom paid by companies hit with ransomware attacks, up by over 80% on the year before, and the scale of successful attacks, increasing by 150% on the previous 12 months, now should be the time that companies across the UK are looking to take out more cyber insurance, not less.

Yet insurers on mass are making it more difficult to take up cyber insurance, and by seemingly attempting to associate any ransomware, no matter its origin with the war in Ukraine, so that they can invoke war exclusions to protect themselves from systemic risk, they have once again failed to understand why cyber insurance should exist, what it is there to protect against, and more importantly they continue to examine the risk profile of a potential policyholder, and estimate the likelihood of the policyholder to experience risk and to what level.

Until insurers learn to correctly evaluate the risk profiles of their potential policyholders, as a potential policyholder it is time to rethink why you would take out cyber insurance. ?

Cyber Insurance should be there to pay-out to for an incident response carried out by a cyber security company. For most cyber security practitioners who deliver incident response services, they are hoping to do as few as possible, incident responses are time consuming, labour and resource intensive, and difficult to be definitive, worst of all as The Metropolitan Police Cyber Crime Unit stated that:

“In over two-thirds of cases where there were outside intrusions onto the network, cyber criminals will attempt to break into the same network within one year.”

So, for cyber security companies who deliver incident response, this means they are more likely than not to leave a company exposed to the potential of another successful cyber attack.

Cyber security practitioners try to reduce the likelihood of clients suffering successful cyber attacks, by working with clients to develop an incident response plan, to minimise the impact of any cyber incidents.

A good incident response plan has always been vital to a company being prepared if a successful cyber attack happens, but as with cyber insurers who miss the overall picture by not examining the risk profile of potential policyholders, so cyber security companies who offer incident response planning have missed the budgetary implications, and clients feel that unless they are actually subject to a successful cyber attack, then money spent on cyber insurance or incident response planning is money that could have been more effectively allocated.

To resolve this issue, Crossword CyberSecurity have developed Crossword’s Cyber Incident Response Retainer which helps companies in planning, preparing, and budgeting for a cyber incident response strategy, guaranteeing an expedited response as well as proactive services to minimise the impact of cyber incidents. It offers guaranteed rapid access to the key personnel you will need in case of a cyber incident, from Crossword’s team of incident response and digital forensic experts. More crucially it includes Threat Intelligence from the Crossword CyberSecurity Labs, designed to significantly reduce the likelihood of an attack, this ensures that clients can implement services and protections which are based around specific intelligence that has identified potential vulnerabilities threats, and risks to your organisation.

Crossword’s Cyber Incident Response Retainer ensures that the money allocated for cyber insurance, and incident response planning is effectively deployed with or preferably without the need to engage incident response services.

www.crosswordcybersecurity.com?www.stega.com #cyberinsurance #cyberincidentresponse #threatintelligence