In today’s hyperconnected world, cyber insurance is no longer a luxury but a must-have for many businesses. KYND explores the challenges of managing cyber risks and what firms should be doing to protect themselves.
The importance of cyber insurance is not new. A 2007 report published by the University of Maryland estimated that hackers were attacking devices and networks at a rate of once every 39 seconds. Building on this, the US Internet Crime Complaints Center (IC3) reported there was one successful cyber attack every 1.12 seconds.
However, KYND said despite the increased demand for cyber insurance, it is both harder to find and more expensive than ever.
In 2022, Howden Insurance Brokers reported a 50% rise in the cost of cyber insurance since 2019. At the same time, the CIAB mirrored these findings and reported a 50% reduction in the insurance cover available for clients.
Traditionally, cyber insurance quotations and policy costs were built around the incurred financial loss involved if a company suffered a data breach. The arrival of ransomware however has introduced complications.
KYND said a combination of the sophistication of the malicious encryption and the severity of the ransomware attack often means that companies are left with little choice but to pay the ransom. In effect, preventative measures were/are the only option for a lot of organisations and these were not traditionally a prerequisite for obtaining a policy.
The severity of these attacks as well as their growing frequency meant Insurers were quickly forced to re-examine how they were assessing organisations prior to them becoming insured as well as the rates charged for insurance. The upshot of all of this is that policies have become harder to get and more expensive in the process.
When it comes to applying for or renewing a cyber insurance policy, KYND said aspects such as ransomware along with the general increase in the probability of cyber crime has mean insurers are applying more stringent checks and assessments before issuing a new or renewed policy.
To illustrate this, the Financial Times found that AIG, a US insurer, had added over twenty extra questions relating to security measures on their 2021 proposal forms.
KYND is often asked for advice on what steps companies need to take to get themselves insurance ready. The cyber risk company firstly recommends implementing Multi-Factor Authentication (MFA), also known as two factor authentication (2FA). This offers an additional layer of authentication on top of a normal password. MFA is quickly becoming a mandate for newly issued policies, so it’s a good idea to implement and enforce it wherever possible.
In addition, KYND suggests safeguarding emails with SPF and DMARC. First contact from an attacker will often arrive in the form of a spoofed email and protecting your organisation from these kinds of emails is a priority. KYND said, “Spoofed emails can put your organisation at risk but they also pose a risk to partners and clients too. Implementing authentication protocols such as SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication Reporting & Conformance) is a great place to start. Just remember to review your outbound SPF policy too!”
Among KYND’s other recommendations are updating business continuity plans, backing up data securely, tightening up information security, and introducing cyber security awareness training for company members.
The cyber risk management company champions a proactive approach to cyber risk management, stressing that this is not a luxury, but in fact opting for a proactive approach to risk has allowed many organisations to experience stress-free cyber insurance applications and favourable terms for brokers.
“The threat of ransomware is not diminishing and it has contributed to a hardening cyber insurance market that is constantly evolving. The upshot of all of this is that a continual and holistic approach to cyber risk management has to be considered for every size business.”
Copyright © 2022 FinTech Global
Copyright © 2018 RegTech Analyst