By Amos Aesoph, CISO
With the average cost of recovery from a cyberattack close to $2 million, ransomware costs have already more than doubled in 2021.¹ Increasingly, companies are trying to combat this risk through cyber liability insurance, with policies that pay for downtime and other expenses or protect the business from lawsuits and legal claims incurred after a data breach. Many businesses now require this coverage for vendors or partners.
All this demand is raising rates and making coverage harder to get. In 2020, the average cost of a cyber liability policy was $1,484 per year for $1 million in coverage with a $10,000 deductible.² One national insurance market study forecasts that the size of this market could grow from $8 billion last year to more than $20 billion by 2025.
Rather ironically, a serious catch to the growing popularity of cyber liability insurance is that it might actually make your company more vulnerable to cyberattack. Hackers are now even targeting insurance companies, looking for a list of insured clients, as they make for better-financed targets.
If you do have a policy, guard it with the highest levels of security. We’d recommend that you keep it off your online environment, so your coverage limits don’t fall into the wrong hands. Cybercriminals use that information to their benefit during negotiations after an attack—and extract from you exactly the amount that your company is insured for.
As insurance companies are paying out more often, they’re looking to cut their own costs. We’re hearing reports from our clients of cyber liability insurers raising rates and adding new security requirements to take out a new policy or renew an existing one. In several situations, insurers have refused coverage, or have provided reduced coverage, to companies without proof that they have specific types of endpoint detection and response (EDR) controls in place.
To avoid cybersecurity insurance premium increases, or even the loss of your current coverage, you should evaluate your security measures now. Ask your insurance company if their requirements or premiums are changing, so you have the time to upgrade your security protocols if needed and adjust your budget or coverage level.
1 State of Ransomware Report 2021