Threats seem to emerge from everywhere. Ransomware continues to increase in volume and sophistication. Nation-state cyberattacks threaten all organizations. And according to Forrester Research, “A third (33%) of all data breach incidents in 2021 are expected to be caused by insiders…”
With such sophisticated cyberattacks threatening your organization, it’s a good idea to consider cyber liability insurance. This specific type of insurance offsets the costs of internet and IT-related liabilities that may lead to a cyber incident—such as a data breach—that disrupts your operations.
Cyber Liability Insurance Costs Are Going Up...Here's Why
Unfortunately, cyber liability insurance is also expensive—with costs continuing to rise. As reported in Business Insurance, “Cyber insurance premiums, which now total about $5 billion annually, will increase 20% to 30% per year on average in the near future, Standard & Poor’s Corp. says in a report.” These premiums are going up for many reasons:
- Increase in ransomware: Ransomware has been a game changer for cyber liability insurance. The devastation wrought by ransomware on an organization combined with the ransom itself (which many organizations pay) makes this cyberattack very expensive. With the number of ransomware attacks continuing to increase as cyber criminals find them easier to execute, the costs related to cyber liability insurance also increase.
- Increase in data breaches: Data breach notification involves many expensive, complex steps—from notifying customers to working with regulators. With data breaches continually increasing, cyber liability insurance companies are trying to keep up with the volume of claims.
- The pandemic: On the surface, it seems like the pandemic should not affect cyber liability insurance premiums. However, the massive increase in employees working from home has led to an increase in cyberattacks against these typically less secure computers and networks—increasing the number of cyber incidents.
- Increase in social engineering and business email compromise: Email phishing attacks that trick employees continue to increase and grow in sophistication, leading to more cyber incidents.
- Increasing regulations: Whether it’s the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or an increasing number of data breach notification laws, privacy laws, and industry regulations, stricter reporting requirements lead to more compliance demands—and thus more reported cyber incidents.
Costs May Be Up, But You Need Cyber Liability Insurance More Than Ever
What if you have already invested a lot of money into your cybersecurity efforts? What if your general liability insurance feels like enough? Acquiring cyber liability insurance, despite high premiums, will help you offset some specialized costs that general liability insurance may not cover.
- Legal fees and expenses: Lawsuits and fines related to cyber incidents can escalate quickly in the wake of a data breach.
- Notification and compliance fees: Each state has data breach notification requirements. While many overlap, you may need to comply with different state laws depending on where your customers are located. In addition, data privacy laws and federal laws regulating specific industries can add to your compliance costs.
- Data recovery efforts: If you experienced an attack on your servers, computers, or cloud data, then you will need to spend money recovering data in the wake of a ransomware attack, virus, or other incident involving data loss.
- Repairing IT assets: A cyberattack can damage servers, computers, applications, and equipment. Repairing or replacing IT assets can be a major expense after a cyberattack or data breach.
- Fraudulent wire transfers: A phishing email may trick an employee in finance into sending money to a fake bank account, thinking it's a real vendor. That transfer will not be covered by general liability insurance.
How to Lower Your Cyber Liability
Insurance companies will scrutinize your security measures to decide what premium you will be charged. If you think that simply buying cyber liability insurance is a good shortcut instead of investing in preventative cybersecurity measures, you’re wrong. Without proper security, your premiums will skyrocket even higher as your insurance company sees you as a ripe target for cyberattackers.
To reduce your liability, the following best practices will help:
- Implement a data backup and disaster recovery solution: You need to make sure your organization can recover quickly from a smaller incident (such as a server failure) and within hours or days after a disaster (such as a ransomware attack). This solution also needs to be tested, giving you proof that you can recover your data after an incident, and needs both an onsite and offsite component.
- Secure your website: Host your website with a reputable provider and audit your website for security risks. A hacked website can allow cyberattackers access to sensitive or confidential information.
- Use endpoint detection and response (EDR): Antivirus software is not good enough anymore for an organization. EDR is now a more powerful baseline security tool that uses machine learning (a form of AI) to proactively detect and respond to threats.
- Train employees about phishing and cybersecurity threats: Cybersecurity is a rare area of IT where everyone plays a part. A front-line employee clicking on a suspicious email can unleash ransomware into your organization. The more you make employees aware of threats, the less chance common cybersecurity scams will trick them.
- Continually monitor your IT systems for issues: Is your IT helpdesk capable of monitoring for security incidents? Security monitoring is critical to identifying breaches in your network. This requires special tools and training.
- Patch your software: Many cybersecurity incidents—including some of the most serious during the past few years—resulted from unpatched software. Patches shore up cybersecurity vulnerabilities in your applications and ensure that you are not low-hanging fruit for a cyberattacker.
- Create a password policy: Weak passwords are another easy entry point for cyberattackers. A password policy requiring Two-Factor Authentication (2FA) and strong passwords or passphrases will help lessen the chance of a data breach occurring from this easily exploited angle.
- Encrypt data: Encryption ensures that data is useless if a cyberattacker happens to steal it, such as on a stolen laptop. Applications, web browsers, document repositories, email, and devices (workstations, laptops, and even cloud applications) should all encrypt data in transit and when accessed by employees.
Cyber liability insurance is an important part of your insurance portfolio. However, you don’t have to be at the mercy of skyrocketing prices. By implementing the best practices above, you will reduce your premiums while also improving your organization’s cybersecurity. After all, the real goal is to prevent and significantly reduce the likelihood of a cyberattack—not wait around for a worst-case scenario to happen with only insurance as your (ineffective) weapon.
Ready for Better Cybersecurity?
Cybersecurity moves fast. Are you ahead of the cyberattackers? Having a strategic, proactive IT partner will help you shore up cybersecurity gaps, prevent cyberattacks, and reduce your cyber liability.
VC3 partners with over 400 organizations across the United States to reduce their cybersecurity risks. A strategic technology partner can work with you to ensure that you do not suffer severe consequences from ransomware or another cyberattack.
We can assess your cybersecurity risks, outline what you need to secure your IT assets, and help you build a budget and roadmap to get there. Complete the form below and we’ll schedule a free cybersecurity consultation with you to learn more about your cyber liability needs.