The most advanced security strategy and tools can’t prevent 100% of cyber attacks. There will always be some new technical exploit or fraud angle that will slip through the defenses of even the most well-prepared business. Cyber insurance exists for times when an attack inevitably breaks through and causes damage to your company.
The cyber insurance industry is experiencing a major shift in pricing and coverage. We explain what cyber insurance is, explore the causes of recent industry changes, and what you can do to keep your business’s premiums down.
Who needs cyber insurance?
Businesses that want to protect themselves from unwanted expenses that result from an attack need cyber liability insurance. You wouldn’t drive a car without insurance, and you probably don’t run your business without other forms of insurance. So, why wouldn’t you want to protect your business against the ever-growing number of cyber threats?
The current threat landscape makes cybersecurity insurance a necessary decision for most organizations. This insurance can help offset the cost of recovery, operating loss, legal expenses, and other impacts from bad actors and malware events, but it’s getting more difficult to obtain.
Why is cyber insurance getting harder to get?
The threatscape has resulted in increased losses to more organizations that aren’t well prepared. In the past, the main threat was automated malware sent out in shotgun approaches, and the risks were fairly low. Security technology could detect and block the majority of automated attacks.
Because of this, cybersecurity insurance providers wrote broad policies with low premiums, but the threatscape evolved. The bad actors got more sophisticated, and exploiting organizations became a profit center for illicit groups. Malware tools became available off the shelf. Bad actors can buy these tools and quickly launch attacks. Exchanges of techniques and compromised credentials also became common on the dark web.
The shift to remote work from COVID led to an explosion in the number of successful cyber attacks. People began working from unsecured personal devices and weren’t practicing the same cyber security vigilance they did at the office. An increase in the availability of cyber attack tools and more vulnerable targets meant cyber attack claims went through the roof and insurers started experiencing significant losses on their cyber policies.
Cyber insurance today
Cybersecurity insurance is more expensive than ever, and many organizations are even being denied coverage due to lax or nonexistent security essentials.
Compared to how easy it was to obtain in the past, to get coverage now, you’ll likely be asked to fill out a detailed questionnaire about your organization’s security tools and practices. A “No, we don’t use that type of security tool” response to one or more questions might disqualify you from coverage altogether.
The costs are higher because the risks are higher. It’s a reality of risk management in today’s business and one you can respond well to with solid security supported by modern security tools and IT security expertise.
So, what can you do?
You can take a few steps to increase your chances of obtaining coverage at the best possible rates.
- Multi-Factor Authentication (MFA)
- Next-Gen Antivirus (NGAV)
- Segregated Backups
- Endpoint Detection and Response (EDR)
- Security Awareness Training
While implementing some or all of these best practices can’t prevent 100% of attacks, they can mitigate your risk and increase your chances of receiving a cyber insurance policy with lower premiums and better coverage.
Need help boosting your organization’s cyber security? Fill out the form at the bottom of our IT Security page and an Aldridge team member will answer any questions you have and help get you started on your security initiatives.
Hear our CIO, Chad Hiatt, talk about this topic from a recent webinar.