More online data gives hackers incentive to attack in greater numbers. In 2021, the average cost of a data breach hit $4.24 million, an increase from $3.86 million the year before. It’s the highest one-year growth since IBM began tracking this information.
Compromised data and credentials, business downtime, data restoration efforts, damage to your reputation, and a loss in profits are just the obvious costs. Companies also need to invest in additional security measures after a breach. Choosing to remain unprotected increases risk, drives up costs, and forces an unplanned and urgent reaction to an attack.
The Cost Of Cybercrime
Cybersecurity has emerged as a top concern for employers, big and small. Due to a boost in remote work as a result of COVID-19, cybercrime has reached an all time high. The Internet Crime Complaint Center (IC3) saw a 69% increase in complaints from 2019 to 2020, with crimes projected to set a higher mark in 2021. Cyber ransom analysts project that the damages caused from cybercrime will reach upwards of $6 trillion by the end of 2021.
Hackers once targeted only large companies, but with more organizations transitioning to more online-based business platforms, everyone is at risk. One study found that 86% of businesses were successfully attacked in the past year. Of these, about 43% of attacks were targeted at small businesses, with only 14% capable of properly defending themselves. This trend will only continue as more businesses move their data online.
Even for companies that already have cyber insurance, premium increases have been averaging 20-40% on clean accounts. For those with little to no security procedures in place, they have seen limits reduced, deductibles increased, and/or are being non-renewed by their carrier.
Why Businesses Purchase Cyber Insurance
Cyber insurance is meant to protect and cover financial losses from cyber attacks and helps to mitigate liability from breaches of company and customer data.
Hosting information like customer names and addresses, social security numbers, credit card information, and health records leaves businesses liable for their protection. Company financial records and employee data — like health insurance claims, performance records, confidential internal communication — can also be at risk.
This data opens businesses up for a data breach, but also for the number one cyber attack - ransomware. The Hartford’s head of cyber risk, Jacob Ingerslev, presented a loss ratio of 68% for the year 2021 for ransomware claims alone, up from 45% in 2019.
"As we have renewed our clients for 2022, some carriers are not offering higher limits due to the significant increase in frequency and severity of claims. In some cases, in order to receive a renewal, our clients have to prove that additional security controls have been put in place.", remarks Rowanne Flood, VP of Commercial Lines at BlueStone Advisors.
What Does Cyber Insurance Protect Against?
An ideal cyber insurance policy should protect your business from data compromise responses expenses, data defense and liability, cyber computer attacks, and network security.
If a stand alone cyber policy is purchased, it may also cover damages and lawsuits resulting from cyber crimes.
Possible cyber insurance claims include:
- Software fails to perform, leaving you unable to deliver products or services
- An employee’s computer was stolen and compromised, leaking client data
- Company’s databases are hacked and its data distributed on the dark web
- An employee’s email is hacked and funds are wrongly transferred/released
- Company’s databases are hacked and its data is held for ransom
- An employee receives a spoof email and willingly transfers/releases funds
How Can I Save on Cybersecurity Insurance Premiums?
Having enterprise cybersecurity policies and protections in place can help reduce the cost of insurance premiums. Since 85% of cyber data breaches involve the human element — primarily phishing, when a hacker is unknowingly given access to data by employees through emails, text messages, or other digital communication — training is an necessary practice for any company.
Partnering with an experienced IT professional can also help you assess your vulnerable network points and ways to protect it. All of these more robust protections — like firewalls, encryption, VPNs, multi-factor authentication, and others — can help deter cyber attacks and give insurance carriers reason to discount your premiums. Less risk from you means less expensive coverage.
“You used to be able to get away with not having cyber insurance, but in today's tech-centric business world, it is one of the first things we recommend for our clients. Cyber protection is as necessary as other required policies. If you don't have it, it is like driving on the highway without auto insurance." says Andrew Royce, CEO of BlueStone Advisors.