Cyber resilience: could you withstand a cyber attack?
How well prepared is your business to withstand and recover from a cyber attack? Discover best practice advice on how to best prepare.…
Harvina Bains
Security Blogger
23rd May 2023
Recent statistics indicate that there are 2,200 cyberattacks per day, with an attack happening every 39 seconds on average. As a result of the increased frequency and severity of cyberattacks, more businesses are considering cyber insurance as a safeguard. But what is the cost and how much protection is it really providing?
Cyber insurance was created to help businesses cover the costs related to suffering a cyberattack. This could be the damage or loss of information from IT systems and networks, investigation costs, damages or compensation payments to affected parties. However, it’s important to note that cyber insurance is not a ‘quick fix’ for improper security controls. Just like when you have home contents insurance, you still lock your doors to help prevent needing to make a claim. Cyber insurance should be treated no differently.
In this blog, we explore the reasons why cyber insurance premiums have increased by up to 150% and outline the necessary security controls you need to qualify for a cost-effective policy and protect your business.
Premiums for cyber insurance rose by 62% in 2022 following a 91% increase in the previous year. Several factors have contributed to the increases, including challenges in underwriting policies, limited reinsurance investment, and the volatility in cyber threats.
Underwriters are facing challenges with cyber insurance due to:
Also, the demand for coverage has risen as costly cybercrime incidents have increased, with ransomware attacks being one of the leading causes.
Businesses have been claiming for cover against activities relating to response, recovery, business interruption and reputational damage. We’ve seen this just recently when Capita announced they expect to pay up to £20mn to cover professional fees, recovery and remediation costs following a Russian ransomware attack.
The uncertainties in the market paired with high pay-outs have caused insurance companies to be more cautious about cyber insurance offerings. Insurers have now made changes to three key areas to combat the challenges. These are:
So, what can you do to bring that premium down and keep your business secure?
As insurers try to understand risk levels, underwriters are now starting to form correlations between certain cyber controls and how they correspond with cyber incidents.
This has resulted in the underwriting process becoming more rigorous as insurers are carefully analysing all cyber insurance applications. They are asking more questions and seeking evidence about your existing security measures and risk controls.
To help quantify risk more accurately and provide appropriate support to businesses, insurers have defined twelve cyber security controls they recommend you implement if you wish to obtain cyber insurance.
As a prospective policy holder, it’s advised that you have at least the top five in place as a minimum before getting cyber insurance quotes. These are the main controls insurers want to see evidence of. The other seven are recommended controls that will help improve your security posture and provide reassurance to insurers that you are taking a proactive approach. The more controls you can evidence the better your premium and coverage will likely be.
If you do not implement any of the controls mentioned above, you can expect higher premiums, unfavourable terms and conditions and even refusal of insurance coverage.
While we know insurance can provide financial protection against the losses incurred due to a data breach or cyberattack, it does not provide any protection against these attacks happening in the first place.
Investing in robust security tools allows your organisation to be proactive in the fight against cyberattacks and helps to prevent the subsequent disruption to your business operations.
Below we’ve listed our top five reasons why you should invest in security tools before taking out a cyber insurance policy:
Prevention and mitigation – by implementing security measures such as firewalls, intrusion detection systems, encryption, and access controls, your business can significantly reduce the likelihood of a successful attack.
Protect sensitive data – security tools help safeguard customer information, intellectual property and financial records. Breaches can result in the loss, theft or exposure of this data, which leads to legal consequences, reputational damage, and loss of customer trust. Protecting this data with adequate security measures is vital for long-term success and stability of your business.
Reputation and customer trust – a data breach can significantly damage your organisation’s reputation. When customers perceive your business as insecure or negligent in protecting their information, they may take their business elsewhere. With the right security tools, you can demonstrate a commitment to data protection and maintain customer confidence, loyalty and brand reputation.
Operational continuity – a significant breach can disrupt business operations which leads to downtime, loss of productivity and financial consequences. Having the right security tools in place will help maintain operational continuity by preventing or minimising the impact of cyber incidents. It allows your business to continue serving customers and avoid potential revenue losses and other associated costs.
Regulatory compliance – many industries are subject to specific standards and guidelines set by governing bodies to demonstrate prevention and mitigation against cyberattacks. Examples of these include GDPR, PCI DSS, ISO 27001 and HIPAA. Compliance with these regulations requires implementing specific security measures and demonstrating due diligence in protecting data. Investing in security tools helps to maintain this compliance and avoids potential penalties and legal issues.
While insurance can provide financial protection after a breach, it should be considered as part of a comprehensive strategy rather than a standalone solution. By investing in security tools properly, your business can proactively address risks, preventing them from becoming incidents.
When looking for a cyber insurance policy we recommend you do the following:
If you’re thinking of taking out a new policy or are renewing an existing policy, take some extra time to familiarise yourself with the requirements and to understand the level of cover you’re eligible for.
Now is the time to tackle the security measures you haven’t got. With many controls now seen as a minimum requirement, you need to ensure everything is in place before applying for a policy.
The threat landscape is very volatile, and the way different insurers handle claims varies. Be confident that your chosen provider can sufficiently support you when you need to make a claim.
Many insurers will offer free resources for policyholders such as training, templates and readiness assessments to help with reducing risk. This is a win-win for you and the insurer.
The controls that insurers define as a minimum requirement have been established as best practice for several years, but we are still seeing businesses struggling to adopt them due to budget constraints, lack of in-house knowledge and board buy-in.
For businesses in this position, particularly those that operate as SMEs, that checklist can appear quite daunting. Having a dedicated security team in place can be a large and expensive undertaking.
That’s where we come in.
We offer expert guidance and support that can help you achieve a proactive cyber security mindset and give you confidence about reducing cyber risk.
We can provide comprehensive risk assessments, and help identify vulnerabilities and pinpoint gaps in your existing security measures to provide recommendations for improvement.
With a Defense.com package, you can benefit from:
We also offer other services such as penetration testing, outsourced DPO and virtual CISO.
We can help you meet cyber insurance requirements and provide the peace of mind of knowing that your business is adequately protected in the event of a cyberattack.
To find out more information about how we can support you, contact us here.
The rising premiums in the cyber insurance market highlight the growing importance of robust security measures for businesses. While cyber insurance provides financial protection, it should be seen as part of a comprehensive strategy rather than a standalone solution.
By partnering with a cyber security provider, you can benefit from skilled security professionals supporting your business and the tools you need to demonstrate your preparedness to insurers.