Insurance coverage for cybersecurity can be traced back to the late 1990s, and these policies mainly covered loss of data or data processing errors, not the cyberattacks that we see today.
During the early 2000s, as more companies adopted digital workflows, cyberattacks became more frequent and began causing catastrophic financial damage to companies. Cybersecurity insurance was expanded to cover more losses and act as a safety net, similar to automobile insurance or property insurance.
In the case of a ransomware attack or account breach, cybersecurity insurance began to cover the costs of:
This type of insurance offers important protection, just like insurance that can protect you from devastating losses due to a natural disaster that destroys your building. Costs are no longer that different between a ransomware attack/data breach and having your office destroyed by flood or fire.
The average cost of a ransomware attack to a Canadian business is over $400,000.
But something happened during the pandemic that tipped the balance and caused cybersecurity insurance carriers to begin retracting their coverage. This could mean that the safety net your business relies upon if it falls victim to a phishing attack or data breach is going to become smaller.
Just as ransomware is rampaging and costs of remediation are rising, insurance carriers are starting to rethink including payments to ransomware attackers in their policies.
Insurance carrier AXA recently decided to stop reimbursing companies for ransom payments made to ransomware attackers. When the ransom is paid, it fuels further attacks and causes an increase in ransom demands.
If a company has the protection of cybersecurity insurance, they’re more likely to go ahead and pay the attacker to try to get operations up and running quickly, knowing they have insurance to cover it.
With 56% of ransomware victims paying the ransom to attackers, insurance companies are looking at their claims and wondering whether or not the risk and cost of covering these payments are now more than they can bear.
Another big change that insurance carrier Lloyd’s of London made at the end of 2021 was to stop covering costs related to data breaches or other types of attacks if they were executed by nation-states. This means the attacks are considered related to “cyberwar.”
With state-sponsored hacking groups responsible for many major attacks, this policy change could be interpreted quite broadly.
For example, the recent Log4j vulnerability-related attacks are being traced back to government-linked hackers from China, Iran, and North Korea. But this vulnerability doesn’t only impact governments. Log4j is a code library used in multiple cloud applications and websites.
Another change being seen in the cybersecurity liability insurance industry is to add more stringent requirements for policyholders. This may include adopting a next-gen firewall with advanced threat protection or implementing multi-factor authentication on cloud accounts.
Insurance carriers are looking to reduce risk and want companies to adopt better cyber hygiene if they want to receive coverage.
According to the Sophos 2021 Threat Report, some of the most costly data breaches in 2020 were the result of a lack of basic cybersecurity hygiene.
Prices are also increasing, especially for those with fewer cybersecurity protections in place.
While you may not yet have seen these types of changes from your own insurance carrier, there is a good chance that this is just the beginning of this trend. As cyberattacks continue to get more sophisticated, their volume and lethality increase.
A good place to begin is with a cybersecurity audit by a trusted IT provider so you know exactly where you stand with your IT security. Are you making a common mistake that leaves your cloud accounts or network more vulnerable?
A cybersecurity audit gives you visibility into your vulnerable areas so they can be fortified to improve your security and reduce risk.
Employee training is another important IT security layer. While software, monitoring, and automated threat protection are necessary, user training is just as vital because users are the targets of the phishing attacks that launch many different types of attacks.
Haxxess can help your Northern Ontario business eliminate risk and improve your security capabilities affordably.