Cybersecurity insurance, also referred to as cyber insurance or even cyber liability insurance, is in many ways, similar to flood insurance for your homeowner’s policy. It provides you with additional coverage in the event of a catastrophic event. In this case, a cyberattack, data breach, etc.
Cybersecurity insurance is relatively new and still viewed skeptically by some. However, it is important to remember that any business that uses technology or collects data is at risk of a cyber-attack. Many small-medium sized businesses (SMB) cannot afford the catastrophic costs to rectify a breach on their own. This is where cybersecurity insurance steps in and becomes a game changer.
We’ve heard time and time again from SMB owners that they are too small to be hacked. However, think about Grandma Jones sitting at home playing ‘Words with Friends’ online. A “friend” messages her and they begin chatting daily. She gets convinced to send money to this “friend’s” account and gets swindled out of thousands of dollars. She, not unlike your SMB, thought she was under the radar and an unlikely target. Hackers don’t discriminate on size, gender, age, etc. Everyone online is potentially a target!
Our partners at DataStream Cyber Insurance recently released an article discussing how our focus is now not so much on the IF it happens, but more so the WHEN it happens. DataStream explains, “The Covid-19 pandemic has led to a paradigm shift in how businesses operate and the accelerated shift to digital and online operations.
With that shift has come, sadly but inevitably, an increase in the number of businesses that are being targeted by cyber criminals.
The statistics for 2020 make for uncomfortable reading. Last summer at the height of the pandemic, the FBI reported it was now receiving more than 4,000 complaints about cybersecurity attacks each day – up 400% from what they were seeing pre-covid. Interpol, too, reported a huge surge in reports of attack attempts aimed at SMBs, major corporations, governments and critical infrastructure.
The most worrying increase has come in the form of corporate ransomware attacks, where criminals hold your company’s data (including customer data) or network hostage until they get paid money. Ransomware attacks have crippled businesses, with Security Boulevard reporting that 58% of businesses ended up paying off the attackers just to get control back of their systems.
Unfortunately, most cybersecurity experts – including DataStream’s own team of analysts – now position corporate cyber-attacks as an almost inevitable event that businesses should prepare for. Even with the best and most expensive cyber security technology protecting your systems, the chances are a cyber-attack can and will find its way through at some point.”
To read their article in full, click HERE.
Networks Plus’ CISSP and Certified Ethical Hacker, Jerry Horton explains the importance of cyber insurance from a different point of view. Jerry explains, “Risk management is more than a buzzword: it is a foundational practice to keep a business operational.”
Jerry emphasizes that once risks have been identified, there are four things business leaders can do with them:
- Avoid the risk – simply stop doing what is creating the risk
- Mitigate the risk – this is the core of cybersecurity. Technical and administrative controls are put into place to prevent the risk
- Accept the risk – when a business practice comes with unavoidable risk and the cost of mitigating outweighs the potential impact, business leaders can simply accept it and pay out of pocket if the risk causes an issue
- Transfer the risk – this is where insurance comes into play.
Transference is always a secondary step as business leaders need to insure against practices that can’t be avoided and for which risk mitigations have already been put into place. By way of example, we all carry insurance for our vehicles and the operation of them. We can lower our rates by mitigating risks such as ensuring that vehicle operators are properly trained and licensed, obeying traffic laws, and avoiding operating vehicles in dangerous environment when possible. However, we can’t avoid chips in a windshield from a piece of gravel thrown up during operation or avoid incidents such as a tree falling on the vehicle, scratches and dings in a parking lot, or even a multi-vehicle accident. We purchase insurance to guard against the loss such incidents will incur.
Cyberinsurance is the same concept – transference of risks with your data and systems. Just like insurance on any other property, you, as the business leader, have a responsibility to make certain that you have mitigated as many risks as possible. More importantly, cyberinsurance is an essential part of a business’s strategy to maintain a healthy and stable financial state.
Why would cyberinsurance do that, you might ask? Consider this, ransomware is the most common risk faced by every business, accounting for more than 54% of all of cyberinsurance claims in 2020 (up from only 13% the year before or over a 400% increase). This only shows part of the picture, however. Not only are ransomware attacks increasing in frequency, but the ransoms demands are also rising dramatically (the current average ransom is $170,000!) and the cost of cleanup is even higher. Estimated costs for recovering from a ransomware incident are calculated as roughly 10 times the ransom demanded. In short, this isn’t a risk that can be avoided or accepted; a portion of this risk has to be transferred to keep a business viable.
In Jerry’s words, “Make no mistake – cyberinsurance is only a part of your risk management strategy.” He strongly encourages you to have a strong cybersecurity program in place, including cybersecurity training for everyone involved in the business, so as to mitigate as much as is possible.
He adds, “Please contact one of our top-notch Business Consultants to talk about your current state of cybersecurity. We will help you get cyber-ready and, through our partner DataStream, cyberinsured against the potential disasters of our online world.”