Companies rely on insurance for protection from unexpected costs that could be devastating. The construction industry relies on general and professional liability insurance, commercial vehicle insurance, pollution liability insurance, and more.
Without it, one accident or unexpected natural disaster could easily put a company out of business.
In the past decade, another type of business insurance has been growing rapidly in popularity: cyber security insurance (also known as cyber liability insurance). This insurance protects companies against the costs related to a data breach, malware infection, or another type of cyberattack.
What does cyber insurance cover?
The costs that are covered by cyber security insurance are currently changing, as we’ll discuss below, but it’s typical for some policies to cover cyber-attack costs, including:
- Personal identity theft services for those impacted by a data breach
- Legal reviews
- Forensic information technology services
- Public relations services for reputation damage control
- Legal defense costs
- Data restoration/recreation
- Restoring computer systems
- Lost business during downtime
- Cost of the ransom paid to a ransomware attacker
But it’s becoming harder to get cyber risk insurance, and insurers are reducing the types of costs that it will cover. This could leave companies more vulnerable than ever, just as cyberattacks are increasing and threats are becoming more sophisticated.
Without a good cyber security structure in place, it could be a digital attack that takes down a major construction firm, rather than an economic downturn or supply chain issue.
What’s Changing About Cyber Security Insurance?
During the first half of 2021, the cyber security insurance market began to harden, with carriers showing signs that they were no longer so keen to hand out policies that cover all the costs associated with a cyberattack.
Insurance firms have started pulling back on the things they will cover and, in some cases, doubling or tripling the costs of these types of policies.
Here are some of the main changes that we’re seeing in the cyber security insurance market.
Eliminating Coverage for Ransom Payments
In May of 2021, major global insurance carrier AXA made a policy decision to stop reimbursing French businesses for ransomware payments. Companies pay the ransom in a ransomware attack all too often, even when they have a backup to restore from.
When ransomware hits, it will usually take a business completely offline, causing it to be essentially closed. Time is of the essence and companies want to get back up and running as quickly as possible to mitigate costs. So, many will opt to pay the ransom even if they have a backup because they see it as the faster option, knowing they have the protection of cyber security insurance.
But insurance companies are questioning the practice, which further fuels ransomware attackers. The average ransom demand skyrocketed by 82% during the first half of 2021, up to $570,000.
No Longer Covering Attacks by Nation States
When companies are hit with a cyberattack, they have little control over the type of organization that attacks them. It could be an underground criminal organization, a rogue hacker, or, as is becoming increasingly the case in widespread breaches, a state-sponsored hacking group.
In a major move at the end of 2021, insurance carrier Lloyd’s of London changed its cyber risk insurance coverage standards, stating that its products would no longer cover attacks considered to be related to “cyber war” that have a major impact on the infrastructure of another country.
This clause can be interpreted widely, as many of today’s ransomware attacks are traced back to state-sponsored groups.
Requiring More Cyber Security Actions from Those Seeking Insurance
If you don’t have the right building protection (sprinklers, security alarms, etc.), then getting insurance for your building is going to be expensive, if it’s possible at all. If you have too many tickets or accidents on your driving record, then you’re considered “high risk” and it’s difficult to find affordable automobile insurance.
Insurance companies are beginning to look at cyber insurance in the same way. The higher a company’s risk due to the lack of IT security or a business continuity strategy, the more expensive it will be for that company to get coverage, if it can get it at all.
Insurers are beginning to require that minimum protections be put in place on company networks to lower the risk of falling victim to an attack. The insurance companies are no longer willing to take the risk on businesses that drop the ball and don’t put basic best practices in place for data and network security.
Cyber Security Risk is Getting Higher
Why are these changes coming now? Because during the pandemic, attacks of all kinds have been on the rise, and covering companies that haven’t properly protected themselves from risk is getting too expensive.
Just a few of the disturbing trends seen since the beginning of the pandemic include:
- U.S. cybercrime reports increased 69% in 2020, to an average of 2,000 per day
- About 50% of companies that were hit with ransomware in 2020 paid the ransom
- Phishing attacks have increased 197.6%
- Identity theft increased 170%
Risks are getting higher, and insurance for a cybersecurity attack is becoming harder to get and more expensive. This makes it more important than ever that companies invest in a fluid IT security infrastructure, one that deploys modern standards such as Zero-Trust.