Ransomware Causes an Increase in Cyber Insurance Policy Costs
- The threat of becoming the victim of a cyber attack is growing for all businesses.
- The demand for cyber insurance is greater than ever.
- Insurance providers are adding stricter underwriting requirements and increasing premiums to mitigate risk.
With new cyber threats emerging and evolving constantly, it’s no surprise that cyber attacks targeting businesses and organizations of all sizes are increasing steadily every year. Understanding this risk is critical because cyberattacks can lead to financial losses and be devastating to your reputation.
While you can implement best practices and security measures to protect your business against cyberattacks, there is no solution to avoiding them entirely. For this reason, more and more organizations are purchasing cyber insurance policies that transfer some of the risk associated with cyberattacks to an insurance company.
Today, ransomware scores are driving price hikes in cyber insurance, and security insurance costs are rising. Additionally, insurers demand more direct access to how your organization protects its computers.
Why Are Premiums Rising?
In essence, what’s happening is cyber insurance companies have been losing money since the creation of the cyber insurance product. It’s never been cash flow positive for the insurance companies because they are paying out more than they are making.
Consequently, premiums are starting to go up, and not only are premiums rising rapidly, but cyber insurance companies are requiring more controls to be put in place before they issue a policy. So, for example, at Alvarez Technology Group, we have recently received policy questionnaires from our clients that include things like multi-factor authentication on everything. In addition, it contains items like real-time alerting of breaches and any type of network anomalies. So they are getting much tighter in requiring you to do more to protect yourself before they issue you a policy.
One of the things insurers have been talking about doing is not relying on these questionnaires anymore but requiring you to send them the raw data somehow. So then they will be able to evaluate whether you are doing all the things you say you’ve been doing to protect yourself before they even issue you a policy, and if you don’t, then they can deny any claims that come from that policy.
Ransomware is becoming a high-stakes game. The average payout now, including what is paid to the criminals holding the data hostage and recovering the network, is upwards of $3.5 million per incident. So we’re not talking about trivial amounts here. We’re talking about serious money, which is why cyber insurance companies are starting to crack down.
How Much Is the Typical Premium for Cyber Insurance?
Cyber insurance costs vary depending on several factors. For instance, insurers consider the size and complexity of your business, how much exposure you represent, and the level of coverage you need.
For example, at Alvarez Technology Group, we recently had one of our clients who last year paid around $3500 for an annual premium for cyber insurance get a renewal, and it’s more than doubled to $7800. And the insurance companies are very specific about the requirements to be adhered to if the policy is to be issued. If you don’t have all those protections in place, which fortunately most of the clients we manage security do, it becomes challenging to get coverage. And if you do, they’ll exclude a lot of things because they say, “If you don’t have these things in place, you are more likely than not to become a victim, and we’re not going to provide any coverage if you do.”
For example, one of the things they might say to you is for remote work. If your employees are not using VPN with multi-factor authorization, we won’t offer you a policy. Additionally, the insurance carrier may say, “The policy is going to cost you this much, but we’re only going to cover you up to a certain amount.”
Strict requirements are especially true for hybrid workforces. Cyber insurance companies are becoming very concerned about protecting these multiple endpoints spread throughout the landscape outside the protected network. In many cases, VPNs with multi-factor authorization are required if you use Office 365, Microsofts hosted platform or Google Suite. You are expected to use multi-factor authorization throughout your entire network; if you don’t, you may not qualify for the coverage.
As part of the underwriting process, insurance carriers could even go so far as saying we want the right to be able to come in unannounced to survey or monitor your network.
This type of requirement would enable the insurer to see where your employees are surfing and determine if there are any unreasonable risks. For instance, maybe employees are going to websites that are not work-related, which might raise the risk of a cyber incursion. While that practice may raise some privacy concerns, it’s understandable that cyber insurance companies are going in that direction.
Potentially, insurance providers may require you to provide them with a log of all the different services you run on your network. In addition, they may ask for a SIM, a central depository of data, and decide that they want to tap into that data at will and that you should be prepared to give them access when they ask.
How Alvarez Technology Group Can Help
Rising premiums and stricter requirements for cyber insurance are a product of the world we live in today. But unfortunately, cyber threats show no sign of lessening. On the contrary, they are getting worse every day, and unfortunately, the bad guys are sometimes one step ahead of the rest of us.
That’s why it’s vital to implement as many protections as possible. At Alvarez Technology Group, we are network and security compliance experts. We can help protect your business from cyberattacks, ransomware, and other threats while ensuring you have the protocols to help get you the cyber insurance policy you need. Contact us today to learn more about how we can help you meet the growing requirements of insurance providers.