(June 7, 2023) Insurance industry analysts have been predicting that the growth of the cyber insurance market will level off due to the increasing cost of claims. However, cyber insurance is by far the fastest-growing segment of the property/casual insurance market. That said, cyber insurance providers are taking steps to reduce their risk exposure.
A recent RSM MMBI survey found that 68 percent of middle market companies carry a cyber insurance policy, up from 61 percent in 2022. However, 70 percent said their premiums had increased, and many plans are dropping their ransomware and data theft coverage. Insurers are also requiring more extensive documentation of an organization’s cybersecurity posture.
Despite the increased costs and hurdles, cyber insurance is a business necessity. The unfortunate reality is that organizations should expect a cybersecurity breach. Such a breach will likely impact customers, business partners, and vendors in some fashion. There could be regulatory compliance implications. Depending on the nature of the breach, losses (data, revenue, customers, and/or reputation) could be severe and lawsuits are possible. This may sound like a doomsday scenario, but organizations should assume a breach is a matter of “when,” not “if.”
What Cyber Insurance Typically Covers
When taking a risk-based approach to cybersecurity, organizations must consider which risks they can control or even avoid, which ones they can accept, and which ones they should transfer. Cyber insurance is about transferring risk.
Cyber insurance is coverage intended to help an organization recover costs incurred due to a data breach. While general liability insurance covers injuries and property damage caused by an organization’s products, services, or business operations, it usually does not cover data breach expenses. A cyber insurance policy typically accounts for:
- Business losses such as financial costs, business disruption, and crisis management
- Legal fees and expenses
- Investigation of the data breach
- Notifications to customers and other affected parties
- Recovery and restoration of exposed data and compromised systems
- Repairs to IT systems
Of course, cyber insurance coverage will vary from provider to provider. There is no standard cyber coverage and risks are constantly evolving, but there are certain things to look for when evaluating insurance companies. Do they cover all expenses mentioned previously? Is cyber insurance considered a standalone policy, which is usually more comprehensive, or an addition to an existing policy?
Strong Cybersecurity Is a Business Necessity
Many data breaches are caused by unintentional employee errors, such as clicking malicious links and opening attachments in phishing emails. Does the policy cover these non-malicious actions? Does it cover social engineering? Finally, some data breaches go undetected for months. How does cyber insurance handle these cases?
While it’s important to carefully evaluate insurance companies, remember that insurance companies will also determine how much risk they’re absorbing before deciding on coverage and costs. They’ll want to determine the strength of your cybersecurity defenses and assess vulnerabilities. They’ll want to see if you follow best practices and provide user training. The more question marks and security gaps you have, the more difficult it will be to find a quality policy at a reasonable cost.
Even if you obtain a seemingly robust cyber insurance policy, you should not neglect your cybersecurity strategy. Ideally, your security tools and services will minimize the impact of a cyberattack so that there won’t be many costs to recover through insurance. Let Mainstream help you optimize your security strategy and develop a risk-based approach incorporating the right cyber insurance policy.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 MobileContact Us