Cyber insurance, also known as cyber liability insurance and cyber risk insurance, is a type of insurance policy specifically designed to protect businesses from the financial losses that can occur when their systems are compromised by malicious actors. Cyber insurance policies typically cover costs associated with data breaches, ransomware attacks, business email compromise (BEC), legal expenses, and more.
Companies have been able to benefit from cyber liability insurance for some time. However, a wave of ransomware attacks and data breaches during the COVID pandemic completely changed the landscape of the cyber insurance market, forcing insurance companies to drastically increase premium costs, cut coverage and benefits, and be much more selective when issuing and pricing policies.
According to Statista, 73% of cyber insurance claims made worldwide between 2013 and 2019 were made under the clause of “Breach incident response and crisis management”. This was followed by data privacy liability (9%), cyber extortion (6%), and network business interruptions (4%).
Who needs cyber insurance and why?
Businesses of any size should consider cyber insurance as a way to protect against the financial losses that can occur from a security breach. It is important to note that cyber-criminals frequently target small companies as they generally have weaker security controls, and are thus an easier target. In fact, according to Securitymagazine.com, small businesses are the target of 43% of cyberattacks, and the fallout from these breaches can be very expensive in terms of lost productivity and brand reputation. The article states that 60% of all small firms that suffer a data breach close their doors permanently within six months of the incident.
What does cyber insurance cover?
Cyber insurance typically covers costs associated with cyber-related incidents, including legal expenses and fines. Examples of typical insurance clauses include:
- Data breach or incident response and crisis management.
- Data privacy liability.
- Cyber extortion.
- Network business interruption.
- Data asset protection.
- Network security liability.
- System failure, and more.
Does cyber insurance cover major cybersecurity events?
Yes, some cyber insurance policies do provide coverage for major cybersecurity events such as ransomware attacks, distributed denial of service (DDoS) attacks, data breaches, and other cyber-related incidents. There is limited public information about the largest claims made; however, the average total cyber insurance claim is said to be around USD 345,000, according to NetDiligence.
What isn’t covered by cyber insurance?
Cyber insurance policies typically do not cover the cost of repairing or replacing hardware or software. Additionally, some policies do not cover lost income or business interruption costs.
The cost of cyber insurance and its future
The cost of cyber insurance depends on a variety of factors, including the size of the company, the industry, and the level of coverage desired. Policies can range from a few hundred dollars per year to several thousand dollars per year. According to the following article, the average cost of cyber insurance in the U.S. in 2021 was $1,589 per year or $132 per month.
The demand for cyber insurance is expected to continue to grow as businesses become increasingly reliant on digital technology, and as more employees continue to access their company’s network from remote, unsecured locations. As technology evolves, cyber insurance policies will need to keep pace with new cyber threats, such as ransomware and artificial intelligence (AI) attacks. According to a blog post on Security.org, the global cyber insurance market was worth $7.8 billion in 2020 and is estimated to be worth around $20 billion by 2025.
What can companies do to reduce cyber insurance premiums?
There are many things that companies can do to reduce their cyber liability insurance premiums, such as:
- Establishing a comprehensive set of well-documented security policies and procedures that can be reviewed by the insurer.
- Having a tried and tested incident response plan in place.
- Carrying out regular security awareness training.
- Implementing multi-factor authentication.
- Implementing strict access controls that are clearly documented.
- Carrying out penetration tests and vulnerability scans.
- Using an automated patch management solution.
- Adhering to best practices for data backup and recovery.
- Using a real-time auditing solution that can detect, alert, and respond to anomalous events, and instantly generate detailed reports that can be presented to the insurers to demonstrate the effectiveness of their security measures.
How can Lepide help to reduce cyber insurance premiums?
The Lepide Data Security Platform is designed to give you the visibility you need to accurately assess the state of your organization’s security posture. Any time privileged accounts or sensitive data are accessed and used in a way that is not typical for a given user, a real-time alert is sent to the administrator’s inbox or mobile device. At the click of a mouse, you can generate detailed reports that can be delivered to your insurance provider to demonstrate your compliance efforts and to give them reassurance that you have the necessary controls in place to keep your data secure.