Cybercrime is a $6 trillion annual industry, affecting all businesses and individuals. Global cybercrime costs are expected to grow 15% per year over the next 5 years, reaching $10.5 trillion USD annually by 2025. For comparison, the cost was $3 trillion USD in 2015.
As cyberattacks have continued to rise, so, too, has the cost of cyber insurance. According to the Wall Street Journal, “direct-written premiums collected by the largest US insurance carriers in 2021 swelled by 92% year-over-year.” And although the price of cybersecurity has increased, there’s no indication that these higher rates will ensure a higher recovery of funds.
Who needs cyber insurance?
The concept of cyber insurance is both relatively new and ever-evolving. Generally, though, cyber insurance helps recoup losses, pay for investigations, cover legal costs, and it gives you the resources to get your organization back in business following a cyber-attack.
Any business that deals with sensitive information—including credit card numbers, medical information, social security numbers, or any other personal information—should have cyber insurance in order to protect customer information, industry relations, and business reputation.
What does this increase in cost mean?
With a sharp rise in cyberattacks, the demand for cyber insurance has increased. The increase in price helps to soften direct loss ratio when insurance companies have to pay out the insured companies who file claims.
Generally, a cyber insurance policy can include coverage for the following:
- Damage to your IT infrastructure as a direct result of a cybercrime, including:
- Payment of ransomware
- ID restoration and credit monitoring
- Data restoration
- PR expenses
- Legal expenses, including any incurred due to breach of contract with a client
- Payment of ransomware
- Business interruptions as the direct result of a breach
- Replacement hardware damaged by malware
But in addition to the price increase, many carriers have decreased what their policies will cover—and been more selective about the risks they’re willing to take on by creating stricter criteria for those who want to sign up for coverage. With greater barriers to entry, organizations who understand the risk but do not yet have strong cybersecurity systems are being turned away for coverage.
If you are currently covered under a cyber insurance policy, you should look closely at how cybersecurity threats are assessed in your plan. Employees can often be the cause of breaches, and some policies might not cover accidental actions caused by falling for social engineering attacks like convincing phishing emails. Additionally, if there is a large breach that affects many people from many different industries, some insurance policies will deny coverage as they only cover targeted attacks where your organization was specifically sought out for a breach.
But only one thing helps decrease the cost of cyber insurance: stronger cybersecurity. With companies paying more to receive less in return, it’s important to have a security partner who is proactive and holistic in their approach to your infrastructure and cybersecurity. By fortifying your defenses against cyberattacks, the less risk you present for insurance companies.