Cybersecurity Premiums Are on The Rise - And There's No End in Sight


Cyber insurance prices continue to rise in step with the pervasive and persistent threats posed by ransomware and data breach events such as the recent Kaseya incident involving more than 1,500 customers. This post delves into the cyber risks facing businesses from both criminal actors and from insurance companies who are tightening requirements and lowering payouts.   

Cybercriminal Risks to Business

Malicious cyber exploitation operations directed by crime syndicates, state-backed groups acting on behalf of nation-states, and individualistic lone-wolf hackers are costing U.S. businesses billions. 

In response, cyber insurance policies are rising dramatically in cost as insurance companies reassess their risks and exposure: the growing number of cybercrime events makes it increasingly difficult to maintain adequate reserves and profitability. Shadowy criminal syndicates such as REvil (aka Sodinokibi) and groups such as Conti, DarkSide, and Clop have built tremendous clout across the dark web, openly publishing hacking tools and even paying out affiliate earnings to partners using cryptocurrencies.


Ransomware-as-a-service (RaaS) is a class of malware that is part of the larger crimeware-as-a-service (CaaS) trend, which includes every type of software imaginable for committing crimes such as fraud, extortion, and identity theft, among many others. Organizations like REvil have taken the world by storm, and insurance companies, law enforcement organizations, and businesses worldwide are struggling to catch up.

Cybersecurity Insurance is Exploding

Data collected by the U.S. Government Accountability Office (GAO) shows that business uptake of cyber insurance policies increased from 26% in 2016 to 46% in 2020. That number has grown exponentially in 2021 due to the influx of cybercrime around the world.

GAO reports that the cyber insurance industry is struggling to respond to this rapidly evolving threat, specifically: 

  • The modern landscape of cybercrime is so new that not enough historical data is available for insurers to measure risk adequately. Crimeware-as-a-service variants such as ransomware were first discovered in 1989, and it wasn’t until 2005 that the modern form of ransomware-as-a-service became available to criminals.

    Additionally, the pandemic has provided the perfect means for these powerful malware classes to spread. It is challenging for insurers to estimate the losses that cyber events are likely to cause, which leads to an escalation of costs and creates gaps in policies as insurance companies and businesses struggle to understand the risks posed.

  • There are no national standards for different levels of cyber insurance policies and the coverage they provide. The choice of terms such as “cyberterrorism” has made it challenging for companies to clearly understand what cyber threat events their policies cover. Cybercrimes' complex and technical nature makes it very challenging for companies to understand their liability and acceptable levels of risk due to a rapidly evolving landscape. Though insurance companies have tended to offer cyber insurance policies separate from other types of coverage, many businesses do not understand how their insurance will handle data breaches, ransomware, and other pervasive types of cybercrime. 

Some Insurers are Ditching this Volatile Market

As a result of these challenges, many smaller and less specialized insurance providers are dropping out of the cyber insurance industry altogether because the technical and legal challenges of offering these policies do not match the services their organizations can provide. While there is tremendous money for insurance companies to make in the niche of cyber insurance, it requires a great deal of cybersecurity and legal expertise that many smaller firms simply cannot deliver.

Just how volatile is the market becoming? In 2020, McAfee reported the cost of global cybercrime reached $1 trillion, a 50% increase from 2018, while this year, these crimes are estimated to have already cost $6 trillion, a 500% increase in just the first three quarters of 2021.



Executives Need to Get Smart About Cybersecurity Positioning

C-Suite executives in small, medium, and large firms are finding themselves grappling with an ever-evolving cybersecurity risk landscape. And while high-profile cyber attacks such as the one against the Colonial Pipeline became international news, many cyber threat events are never publicized or acknowledged publicly. 

Many CEOs and executives find it very challenging to adequately respond to emergent cyber threats while managing the balance between implementing technical cybersecurity protocols and mitigating risk through purchasing insurance plans.

No One is Safe

The immense losses caused by cybercrime make it very challenging for even well-insured organizations to recoup expenses after being hit with a severe attack. In December of 2020, the University of Vermont Medical Center in Burlington lost more than $64M and had to furlough 300 staff members in a cyber attack. While losses are common due to ransomware, insurance companies and businesses struggle to respond to these new and pervasive risks.

More heavily insured industries such as healthcare are experiencing these burdens to an even greater degree. The fundamental nature of supply chain-based ransomware attacks makes it very easy for insurers and insurance carriers to try to pass the buck along. The lack of uniform national or international standards for cyber insurance makes this even more challenging.

Though insurance companies had previously been willing to pay out sometimes exorbitant ransomware fees, there is increasing evidence that this practice will grind to a halt, placing targeted businesses in an even more challenging position. This is precisely why a more robust and responsive cybersecurity framework is necessary to adequately reduce risks by using not just prevention methods but also detection-based and threat-hunting approaches to stop ransomware attacks from ever being able to spread across digital networks in the first place.

Cybersecurity Risks Becoming Board-level Discussions

Cybersecurity planning is becoming a board-level topic due to the severe risks and costs involved. These costs have not been planned for, and businesses are being caught unprepared. This is why securing cybersecurity advisory services and subject area experts is essential for mitigating risks in a sustainable and cost-effective way.

There are increasing dangers for companies that do not toughen up on cybersecurity by taking adequate steps to prepare and respond. Recent cyber threat events have revealed the immensely intricate nature of global business and the dramatic ripple effects that follow when disruptions hit network and cloud-based resources connected to companies located across the U.S. and around the world.

Cyber Insurance Fine Print is Getting Finer

Insurance payouts for cyber threat events, and the extent to which specific policies adequately cover threats such as ransomware, are being debated in boardrooms and heard in courts across the country. It is not uncommon for insurance providers to work adamantly to excuse themselves from paying ransomware fees due to increasingly complex and nuanced language in cyber insurance contract underwriting.

As insurers leave far too many businesses high and dry during data breaches and ransomware attacks, cybersecurity advisory services are in hot demand right now as companies seek to avoid risk and stay in front of evolving cyber-attacks.  

Cybersecurity Support Your Organization Needs

The clock is ticking, and time is running out. Every 39 seconds, brazen hackers compromise another organization’s defenses. It is not a matter of will someone target your organization—it is a simple matter of when it will happen, and more importantly, are you prepared? Securus360 is here to help. 

Our expert cybersecurity team and powerful suite of cybersecurity tools provide the proactive threat-hunting, threat detection, and threat prevention support you need 24 hours a day, every day to guard against catastrophic losses caused by ransomware attacks and data breaches.  

The world has changed. Has your approach to cybersecurity changed with it? 

Take action today to eliminate the cybersecurity blind spots in your organization with Securus360’s AI-powered Managed eXtended Detection & Response (MXDR) platform. Let’s talk business.
