Why Your Cyber Liability Insurance Is Going Up and 6 Ways to Keep It Affordable

Cyber insurance is essential to protect a business’s finances in today’s constantly evolving cyber threat landscape. However, cyber insurance has become increasingly less affordable for small to mid-sized companies. With the average cost of cyber security insurance increasing by 110% in the U.S. alone, many business owners are desperately wondering what they can do, if anything, to lower their premiums. 

Below we will discuss why premiums are on the rise, related issues such as why insurers now offer less coverage, and 6 ways to lower your cyber insurance costs.

Please read our other blog if you don’t already have cyber coverage and are wondering if cyber liability insurance is really worth it.

Why Has Cyber Insurance Gone Up in Price?

 Massive Spike in Cyber Attacks 

Cyber insurance has become more expensive for businesses across every industry due to a dramatic rise in cyber-attacks. In fact, since the Covid-19 pandemic, cybercrime has increased by a whopping 600%. One reason for this massive spike is that many individuals transitioned from in-person to remote work due to stay-at-home orders. Unfortunately, without proper IT support, working remotely often leads to weaker computer security and easier targets for cybercriminals.

How Cybercrime Has Affected Insurers 

With this massive spike in attacks, cyber liability companies, not surprisingly, saw a dramatic increase in claims for damages, causing the cyber insurance industry to take a brutal financial hit. Aside from the rise in claims, cyber damages such as stolen money, lost productivity, data loss, embezzlement, and the like are becoming more severe and costly for insurers to cover.


Higher Costs, Less Coverage

With cyber insurance companies facing thin profit margins due to costly cyber-attacks, insurers must find better ways to protect their bottom line. So, insurers are raising premiums and limiting companies’ coverage, especially those more susceptible to cyber-attacks. In many instances, insurers also deny policy coverage for those businesses in industries they believe to be a high financial risk.

Ransomware Cost Increase

Ransomware attacks are one of the costliest and most prominent threats to businesses and cyber insurers. From 2021 to 2022, ransomware attacks rose by a staggering 93%, and the average ransomware payment increased by 82%. These high damage costs and claim payouts have been financially devastating for insurers. To counteract this, cyber insurance companies have modified their plans and are limiting coverage for ransomware attacks. 

What is Ransomware?

Ransomware is a form of malware that allows cybercriminals to steal and encrypt a victim’s data until a ransom is paid for its release. Many bad actors favor this attack strategy because of its high financial payoff and ease of use. Bad actors no longer need to be highly skilled to deploy a ransomware attack when they can easily rent Ransomware as a Service (RaaS) on the dark web from other hackers who rent out their malicious software. 

Better Risk Management Protocols 

With the astonishing rise in cybercrime, it has become clear to insurers that correctly identifying the risk level of current and potential clients is a vital step in protecting their finances. Cybersecurity insurance companies typically use risk management strategies to help them understand and gauge a business’s risk before offering them a policy or determining their premium cost. So now, with the drastic rise in claims and profit losses, insurers have enhanced their previous risk assessments and overall processes to measure each business’s perceived risk more accurately. 

Their new process and modifications include:

  • Better screening questions
  • Investing in advanced risk assessment tools
  • Conducting adequate research on the industries served
  • Assessing each business’s internal and external threats

Businesses that score low for cyber resilience under these new and improved risk assessments will, by default, pay higher premiums and will likely receive less coverage for the cyber incidents they are most susceptible to.

How Can I Keep My Insurance Premiums Affordable?

When it comes to cyber liability insurance, your premium will primarily be based on your company’s cyber resilience (how well your company can withstand a cyber-attack). So, the weaker your cybersecurity posture, the more money you will be required to pay for a premium with good coverage. Therefore, following cyber hygiene best practices is the best way to protect your organization and keep your cyber liability coverage affordable. 

Below we will discuss 6 ways to bolster your company’s security posture by implementing cyber hygiene best practices that insurers frequently rely upon to gauge your cyber risk. 


Cyber Hygiene Best Practices:

1. Use Multi-Factor Authentication 

One of the best ways to secure your business and prevent a cyberattack is to use Multi-Factor Authentication (MFA). This is because using Multi-Factor Authentication alone is said to prevent up to 80-90% of cyber threats. Not surprisingly, some of the most critical screening questions that cyber insurance companies use to gauge your cyber risk involve using MFA throughout your organization. 

Some questions you may see on your cyber insurance application concerning MFA are:

  • Do you utilize MFA to restrict access to your backups?
  • Is your cloud-syncing service protected by MFA?
  • Do you use MFA to protect access to privileged user accounts?
  • Can users access email through a web application or non-corporate device? If “yes,” do you enforce Multi-Factor Authentication (MFA)?
  • Do you use MFA to secure all cloud provider services that you utilize (e.g., Amazon Web Services (AWS), Microsoft Azure, Google Cloud)?
  • Do you use MFA to secure all remote access to your network, including any remote desktop protocol (RDP) connections?
  • Do you use multi-factor authentication (MFA) for cloud-based email account access?


What is MFA?

MFA is a security measure that ensures users are who they say they are when attempting to sign into an account. Before Multi-Factor Authentication, users would depend on traditional usernames and passwords. However, this method has proven unreliable over time. New technologies and increasingly sophisticated attacks have made it easier, cheaper, and more effective to crack passwords and obtain username credentials than ever before. 


With MFA, you provide your accounts with an additional layer of security by combining two or more types of validation (something you know, something you have, and something you are) before access to your online resources is granted. One of the most common MFA validation methods is to first type in your username and password and then approve access with an authentication app like Google Authenticator or LastPass on a phone or other personal device.


2. Utilize a Security Operations Center (SOC)

A very advanced and effective way to bolster your security posture is by implementing a Security Operations Center (SOC) within your organization. The SOC helps your organization identify, monitor, manage, and remediate cyber incidents with advanced threat intelligence and an experienced security team. 

The SOC has become a vital and necessary component in effective cybersecurity defense because it constantly keeps up with the growing threats to stay relevant and consists of the three elements required to defend against cyberattacks: people, processes, and technology. Because of the advanced threat protection and response techniques that a SOC has, cyber insurers consider companies that use a SOC to be much lower risk and typically provide more coverage at a better price to these policyholders. 

A caveat to the SOC is that few organizations have the financial resources to maintain this advanced technology and acquire the security experts to develop and run it effectively. However, companies can partner with a managed cybersecurity provider offering layered security services, including the SOC, for a fraction of the price of the SOC alone. Not to mention, you will receive many other security defense tools that insurers expect you to have to strengthen your security posture.

What is a Managed Cybersecurity Provider?

A managed cybersecurity provider protects your networks, devices, and data from unauthorized access or illegal use by implementing layered security defenses within your organization. They also help you meet cyber insurer requirements and industry security compliance.  


3. Use an Endpoint Detection & Response (EDR) Tool

Another security solution that will help protect your organization and keep your cybersecurity insurance affordable is an Endpoint Detection & Response (EDR) tool. One of the great things about EDR tools is they go beyond detecting suspicious activity and automatically respond to threats as they arise. 

When it comes to endpoint detection and response, your cyber insurance provider may ask: 

Do you use an endpoint detection and response (EDR) tool that includes centralized monitoring and logging of all endpoint activity across your enterprise? When insurers ask this, they basically want to ensure that you use advanced EDR software that centrally collects and analyzes endpoint data across your entire organization, giving you a complete picture of potential threats and incident response capabilities at each known endpoint.   

Why is Endpoint Security Important?

Since endpoints such as desktops, laptops, and smartphones serve as entry points for malicious actors, securing them is crucial in protecting your network. Endpoints remain a primary target for attackers since that is where the most sensitive information is stored and where attackers can abuse credentials that enable them to attack other networks and systems.


4. Implement Next-Generation Antivirus (NGAV)

No matter how small your business is, a traditional antivirus is no longer enough to protect you from rapidly evolving viruses. Viruses continue to be one of the main threats to computer security, and infections have unfortunately only increased throughout the pandemic. Since our cyber threat environment is constantly changing, our protections, such as antivirus, must also advance. Cyber insurance companies will mark a big red flag on your application if they find that you only use a basic antivirus instead of a Next-Generation Antivirus (NGAV). Bad actors continuously develop new techniques allowing them to bypass traditional antivirus scanning procedures, leading to many successful infections even with basic antivirus protections in place. Fortunately, with advancements in machine learning and threat intelligence, Next-Generation Antivirus (NGAV) software is available to defend against emerging threats.

What’s the Difference Between Traditional Antivirus and a Next-Gen Antivirus?

Traditional antivirus software relies on an existing database of known malware to detect and prevent threats. This database does not protect against emerging threats, since it must be updated to include each new malware variant. This means that new malware can run undetected without the advanced detection that Next-Generation Antivirus software provides, leading to an infection in your network.

Next-Generation Antivirus is a powerful antivirus software that combines artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation to proactively detect & prevent known and unknown threats. Its modern threat intelligence and AI offer an advanced level of cybersecurity and endpoint protection to secure your network.

Some questions you might see on your cyber insurance application regarding Antivirus are:

Do you protect all your devices with Antivirus, anti-malware, and/or endpoint protection software? Cyber insurers know that any device running on the internet is more susceptible to virus attacks. Since viruses continue to be a leading attack vector, a primary indicator of your cyber hygiene is if you use an antivirus/anti-malware software or an endpoint security tool to protect all your company’s devices. Remember that all “endpoints” or devices serve as potential entryways to your network, which is why these protections are crucial.

Do you use a next-generation antivirus (NGAV) product to protect all endpoints across your enterprise? Since traditional Antivirus is becoming less effective for emerging threats, insurers measure part of your cyber resilience based on whether you use an NGAV or only have basic virus protections in place.  


5. Backup and Disaster Recovery Policies 

Unexpected IT catastrophes can happen to your business at any time. How prepared your business is for these unplanned events will determine if you can recover from them and how quickly. IT disasters typically include cyberattacks, power outages, software and hardware failures, natural disasters (fires, hurricanes, lightning storms, earthquakes, etc.), and human errors, which are very costly to businesses and cyber insurers. In addition to the high costs involved, it’s not uncommon for a company to go out of business after suffering from one of these IT tragedies. In fact, when a company loses 50% or more of its data, it will typically go out of business within a few months. Fortunately, a backup and disaster recovery policy is one of the most effective tools for unexpected catastrophes. This policy is designed to help organizations recover from data loss and restore any critical data assets after a disaster. Cyber liability insurers know that most companies hesitate to develop a disaster recovery plan until after a disaster occurs. Therefore, they lower coverage and raise premium costs if they discover a business lacks proper backups or a sound disaster recovery plan. 

You can work with a managed service provider specializing in data backups and disaster recovery solutions to create a proper disaster recovery procedure and make your business more insurable. Since every company operates differently, these IT experts create a custom recovery plan for your business based on your unique operational needs and industry requirements. In addition to crafting a customized recovery plan, they will test the recovery procedure for you to ensure the process works and can effectively recover your business data.

Certain backup and disaster recovery questions you might see on your cyber insurance application are:

Do you regularly back up critical data? A backup is a key component in your disaster recovery plan since it is where a duplicate copy of all your critical data is stored. In the event of unexpected data loss, you typically can only recover the data stored from the last performed backup. Therefore, insurers expect companies to perform regular backups to minimize their data loss potential. A common recommendation is that each company perform a backup once daily. However, we suggest having 2 backups performed each day to limit losing a full 24 hours’ worth of data if a disaster does occur.  

Have you tested the successful restoration and recovery of key data from backups in the last 6 months? In addition to running regular backups, it is also necessary to test the recovery process to ensure data can be properly restored. Sometimes backups will fail due to poor monitoring procedures, hardware failures, network failures, human error, and other misconfigurations, which is why testing your recovery process is crucial. Ideally, insurers want you to test this process at least once every 6 months.
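The two questions above boil down to one check that can be automated: after each backup runs, restore it somewhere harmless and confirm that every file comes back byte-for-byte. The example below is an added illustration, not a tool from this blog or from any backup vendor. It assumes the backup is a plain tar.gz archive of a directory (many products use their own format, but the restore-and-compare idea is the same), builds a small constructed data set, and then shows the two failure modes the text warns about: a backup that is stale because data changed after it ran, and an archive that was damaged (here, truncated) so it cannot be restored at all.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_tree(root: Path) -> dict[str, str]:
    """Map each file under root (path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(source: Path, archive: Path) -> int:
    """Write every file under source into a gzip-compressed tar archive; returns the file count."""
    count = 0
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(source).as_posix())
                count += 1
    return count


def restore_test(source: Path, archive: Path) -> dict:
    """The insurer's 'have you tested restoration?' check, automated: restore the archive into a
    scratch directory and compare it file-by-file against what the source looks like now."""
    expected = sha256_tree(source)
    result = {"ok": False, "files_checked": len(expected), "missing": [], "mismatched": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                if hasattr(tarfile, "data_filter"):
                    # Refuse archive members that would write outside the scratch directory.
                    tar.extractall(scratch, filter="data")
                else:  # older Python without the extraction filter
                    tar.extractall(scratch)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            # A damaged or unreadable archive is the failure mode that only a restore test catches.
            result["error"] = f"{type(exc).__name__}: {exc}"
            return result
        restored = sha256_tree(Path(scratch))
    for rel, digest in expected.items():
        if rel not in restored:
            result["missing"].append(rel)
        elif restored[rel] != digest:
            result["mismatched"].append(rel)
    result["ok"] = not (result["missing"] or result["mismatched"])
    return result


def demo() -> dict:
    """Constructed walk-through: a good backup, a stale one, and a damaged one."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")   # constructed sample data
        (src / "notes.txt").write_text("constructed sample file\n")
        archive = Path(tmp, "backup.tar.gz")
        make_backup(src, archive)
        good = restore_test(src, archive)                 # fresh backup: everything matches
        (src / "notes.txt").write_text("changed after the backup ran\n")
        stale = restore_test(src, archive)                # source moved on: notes.txt mismatches
        damaged = Path(tmp, "damaged.tar.gz")
        damaged.write_bytes(archive.read_bytes()[:24])   # simulate a corrupted/truncated archive
        broken = restore_test(src, damaged)               # cannot be restored at all
    return {"good": good, "stale": stale, "broken": broken}


if __name__ == "__main__":
    for name, report in demo().items():
        print(f"{name:>6}: ok={report['ok']} missing={report['missing']} "
              f"mismatched={report['mismatched']} error={report['error']}")
```

Run on a schedule right after the backup job, a non-`ok` report is the signal to investigate before a real disaster makes the problem visible. The stale case is expected to some degree (it measures how much work would be lost since the last backup), which is the argument the text makes for backing up more than once a day.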


6. Continuous Employee Cybersecurity Training/Awareness

Even though plenty of excellent tools are available to protect your organization from cybercrime, educating your employees with cyber awareness training is perhaps the most critical component of cybersecurity. This is because roughly 90% of data breach incidents are caused by human error. The best way to ensure your employees don’t fall victim to an attack is by educating each member of your organization about cybersecurity best practices and teaching them what to look out for and how to respond to attacks like suspicious emails, spoofed links, and the like. Cybersecurity training should be continuous since the cyber threat landscape is constantly changing.

Cyber insurance companies will often ask training and awareness questions like: 

Do any of the following employees at your company complete social engineering training: (1) Employees with financial or accounting responsibilities? (2) Employees without financial or accounting responsibilities? Some organizations may believe employee cybersecurity awareness training is only necessary for those in financial roles. However, it’s important to remember that every employee is a point of entry to your network. You must protect your other critical business data, not just financial data, from bad actors. 

Does your social engineering training include phishing simulation? Phishing simulations are great tools that help businesses improve employee awareness and prevent phishing attacks. Since phishing is one of the most common cyber-attack methods, insurers will ask if you use phishing simulations in your organization to gauge your employees’ awareness and ability to defend against these threats.

An All-In-One Solution: Managed Cybersecurity Services

Although cyber insurance is excellent for protecting your business finances, investing in layered cybersecurity defenses to prevent breaches and computer incidents from occurring in the first place is vital for your business’s success. It is also the best way to keep your cyber insurance affordable.

We know that strengthening your company’s cybersecurity posture can seem daunting, especially with a dynamic cyber threat landscape. New cyber threats are constantly being developed to defeat old processes and technology that is not up to date. However, you don’t have to do all the heavy lifting yourself when it comes to enhancing your cyber resilience, meeting cyber insurers’ expectations, and getting the best security tools for your organization. By partnering with a managed cybersecurity provider, you can have all these overwhelming security tasks done for you.

Give our cybersecurity experts a call today to learn how we can help keep your systems safe, cyber insurance affordable, and enforce industry security standards and best practices.
