The Importance of Cyber Insurance for Modern Organizations


Background

In 2021, the U.S. Department of Justice (DoJ) successfully recovered $2.3 million of the ransom that Colonial Pipeline paid to the DarkSide ransomware gang. In the same year, the DoJ also brought down the notorious REvil ransomware gang, seized $6 million from them, and charged a member of the gang for orchestrating a large-scale ransomware attack against U.S. technology firm Kaseya.

These developments were enthusiastically lauded by cybersecurity professionals and organizations worldwide. But the optimism fizzled out when a June 2022 report found that ransomware attacks had increased by 80% year-over-year. In general, cyberattacks increased by 38% between 2021 and 2022, reaching an all-time high in Q4 with an average of 1168 weekly attacks per organization. No wonder the takedown of REvil was quickly forgotten.

The DoJ’s victories notwithstanding, modern organizations have to contend with a whole host of cyberthreats that are not going anywhere. From malware and ransomware to viruses, email compromise (e.g., phishing), supply chain attacks, zero-day attacks, and data breaches: the threat of cyberattacks is a persistent one for organizations in every industry. Cyber insurance can help protect businesses against the financial repercussions of these attacks. Let’s see how.

Are You Prepared for a Cyber Attack?

Download this quick cyber checklist to find out if you’re prepared:

    What is Cyber Insurance?

    A majority of companies in every industry do business online or have some online presence. This exposes them to many security risks that make them susceptible to breaches, malware attacks, ransomware demands, phishing scams, and other kinds of threats. Cyber insurance – or cybersecurity insurance – is a type of insurance that can reduce the financial risks for organizations that may arise due to these threats.

    In exchange for a regular premium, the policy transfers a portion of the company’s cyber risk to the insurer. So, if the organization is ever hit by a cyberattack, the policy will cover many of its associated costs and expenses.

    How Cyber Insurance Protects Organizations

    According to IBM, the average cost of a data breach has gone up from $4.24 million in 2021 to $4.35 million in 2022. Moreover, for 83% of firms, it’s not a question of if a data breach will happen, but when. Cyber insurance can protect firms from such high costs and high breach (and attack) probabilities.

    It can also protect them from ransomware costs. When Colonial Pipeline experienced a ransomware attack, the company paid a ransom of $5 million. Even though the DoJ recovered about half, the company still sustained large financial losses. Cyber insurance can help to offset such losses.

    Apart from ransom demands and payouts, companies also frequently sustain financial losses following a cyberattack. These losses may occur due to:

    • Business interruptions
    • Productivity losses due to downtime
    • Customer churn
    • Legal expenses
    • IT costs
    • Compliance fines
    • Data losses
    • Customer notifications

    All these costs can add up and create a large financial hole. Cyber insurance can help to reduce the size of this hole and reduce the collateral damage to the affected organization’s earnings and profits.

    Which Companies Need Cyber Insurance?

    Larger companies with big security teams and deep pockets can recover from attacks and shoulder the resultant financial burden without much effort. But this is rarely true for smaller firms. SMBs usually don’t invest much effort or money into strengthening their security defenses, so they are often unprepared to deal with cyberattacks and their aftermath. These facts explain why:

    • Cyberattacks affected 42% of SMBs in 2021
    • Cybercrime costs SMBs more than $2.2 million a year
    • 60% of attacked SMBs go out of business within six months of an attack

    Cyber insurance can protect SMBs from such eventualities. Insurance covers against liability and property losses caused by cyberattacks. Thus, although cyber insurance is not a silver bullet to completely protect SMBs from threats, it does provide some financial protection – if the worst were to happen.

    That said, all companies can benefit from cyber insurance, regardless of their size, business type, industry, or country of operations. Cyber insurance is particularly important for companies that:

    • Know that their risk of being attacked is high
    • Have a large customer base so notifying them of an attack or breach can be a huge financial burden
    • Collect or process large amounts of sensitive data whose loss can be financially crippling
    • Are subject to strict data privacy laws and non-compliance could result in costly fines or legal action
    • Earn high revenues or own valuable digital assets and are therefore more attractive to cybercriminals

    How Does Cyber Insurance Work?

    General liability insurance policies usually exclude cyber risks, so companies that are vulnerable to these risks should purchase a separate insurance policy which will provide stand-alone coverage. Here’s where cybersecurity insurance comes in.

    Most cyber insurance policies include first-party coverage, which covers costs that directly (“first party”) impact a company, such as incident investigations, risk assessments, revenue losses due to business downtime, ransom payments, customer notifications, etc. Some policies also include third-party coverage, which protects a company if it is sued by another company (“third party”) for damages as a result of a cybersecurity incident. Also known as cyber liability coverage, third-party coverage pays for regulatory fines, legal fees, and settlements.

    Technology errors and omissions (E&O) insurance is a separate type of insurance that protects a company if it makes an error that results in a cybersecurity incident in its customer’s business. E&O insurance also covers legal fees, court costs, and some other costs. Companies that provide technology products or services should consider purchasing E&O insurance. Otherwise, a cyberattack, such as a supply chain or zero-day attack, could create serious financial problems for them.

    Conclusion

    If your business has some online presence or exposure, you can limit the damage from cyberattacks with cybersecurity insurance. Robust security tools and a security partner like WCA Technologies can also protect your business-critical assets from threat actors. Click here to know more about our cybersecurity solutions.
