Cyber attacks are increasing and it’s getting even harder to recover from them. Ransomware recovery costs have doubled in the last year from $0.76 million to $1.85 million in 2021, according to a report from Sophos.
Cybersecurity is no longer just a challenge for those in IT – it’s a mainstream business issue. The cyber insurance industry, once considered a ‘soft’ market with high capacity and low premiums, is now seeing payouts rise faster than the income from premiums.
Cyber attacks are evolving, making it hard for insurers to assess the true risk of an attack. That in turn makes it even harder for organizations to get coverage as the underwriting process grows more complex.
Businesses should be aware of the details of their policy and what it covers. For those who are not directly involved in the process and are curious about why cyber insurance is getting so much attention, here’s a brief overview:
What is Cyber Insurance?
Cyber insurance (aka cyber liability insurance) is a specialty line of insurance that protects businesses from internet-based risks. Having this type of policy in place can help minimize business disruptions during and after an incident.
The policy can potentially cover the financial costs of some elements of dealing with an attack (e.g. ransom) and of recovering from it (though not from the crime itself).
Its benefits are often financial and operational, as well as greater ‘peace of mind.’
What does it cover?
Cyber insurance covers costs incurred in the event of an incident. While most plans vary, some insurance teams can provide immediate access to experts in the event of an incident, such as IT forensic specialists, privacy lawyers, and public relations professionals. These are often first-party coverages.
It may also cover ransom demands and specialists to handle the ransom negotiations, or the costs to regain access or restore data from backup sources.
Some policies may include third-party coverage with limits that cover the costs associated with lawsuits.
According to Sophos’ Guide to Cyber Insurance, 84% of organizations have some form of cyber insurance.
How Common is Cyber Insurance & Who’s Most At-Risk?
Cyber insurance is common across all industries. It’s especially common in the utilities sector, such as oil and gas companies, followed by media, leisure, and entertainment. Utility companies are often targets of attacks because of their extensive infrastructure.
According to NetDiligence’s Cyber Claims study, the four common threats are ransomware, social engineering, hackers, and business email compromise. However, Sophos’ survey shows only 64% of organizations had cyber insurance that covers ransomware, leaving one in five exposed to the full cost of an incident despite investing in cyber insurance.
Accenture’s Cyber Investigations, Forensics & Response midyear update says companies with annual recurring revenue of $1 billion and higher were the top victims of ransom and extortion.
The public sector is least likely to have both cyber insurance and insurance against ransomware. Sophos’ State of Ransomware report revealed that the education sector was most likely to have been hit by a ransomware attack in the last year, and that the government was the sector least able to stop attackers from encrypting data.