It seems like another cyber attack occurs or a new form of malware emerges every day. Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next five years and reach $10.5 trillion by 2025. This leads us to the need for cyber insurance.
Cyber insurance can help your business with recovery in the event of a cyber attack. It is important to note that it can’t prevent cyber incidents. However, it can help with financial recovery.
The cyber insurance market is currently undergoing a considerable period of change. Policies are becoming more expensive and insurance is getting harder to come by.
Is it worth it anymore? Let’s find out.
What is Cyber Insurance?
Many small and medium-sized businesses (SMBs) don’t know much about cyber insurance. Recent research found that 64% of small business owners were not familiar with it and 25% said they “do not know what cyber insurance is”. 40% said they were “not sure” what the insurance covers.
At its core, cyber insurance is a type of coverage designed to help your business recover from the fallout of a cyber attack (such as a malware attack, ransomware attack or data breach) by funding investigation and reimbursing any losses.
The cyber insurance market has grown exponentially over the last few years. PwC expects annual gross written premiums to grow from the $2.5 billion it is today to $7.5 billion by the end of the decade.
However, while the cyber insurance market is blossoming, it’s also extremely unstable.
Cyber Insurance Premiums are Soaring
Cyber insurance premiums have soared over the last year. Research shows that most premiums have jumped by between 50% to 100%. The reason for this jump in prices is the changing threat landscape.
Over the last year, ransomware and phishing attacks have surged. This surge has led to a lot of cyber insurance payouts. As a result, many insurance players are currently operating at a loss. The National Association of Insurance Commissioners analysis of the U.S. cyber insurance market found that the volume of premiums written grew by almost 30% in 2020 while loss ratios for many carriers were over 100%.
Compounding this issue is the fact that there is a lack of historical data in the cyber insurance sector. Insurance providers simply don’t have the records and insights to predict steady premiums. In order to remain profitable and protect the future of their operations, they need to spike prices.
But that is not all that insurers are doing. We are also seeing more and more players change their terms and conditions. In order to qualify for coverage, organizations now need to have robust security defenses in place. Otherwise, insurance providers will rule them out as too high of a risk.
Should My Company Get Cyber Insurance?
For SMBs considering it or looking to renew their coverage, these changes can be a concern. You may be wondering if the insurance is worth it anymore now that it is so expensive.
There is no straightforward answer to this question. Whether or not you opt for the insurance will depend on factors like:
- The sector you operate in
- The maturity of your security operations
- The sensitivity of the customer data you handle
- The data protection regulations you adhere to
For example, if you’re a local business with a small online presence, it’s unlikely that cyber insurance should be your priority. Instead, we would advise you to focus more on investing in boosting your security defenses to reduce the likelihood of a cyber attack. By contrast, if you’re a healthcare provider that processes a lot of personal health information and you rely a lot on digital processes, insurance might be a good idea.
Before you get cyber insurance, you should ensure that you have robust security defenses in place. One of the big findings in the Sophos 2021 Threat Report was that the lack of attention to essential cybersecurity best practices is at the heart of many of the most damaging attacks that companies saw last year.
Many small businesses don’t take their IT security as seriously as they should and expect software like antivirus to do all of the heavy lifting. However, keeping your network and endpoints secure from multiple threats takes vigilance and adherence to cybersecurity best practices.
If you’re not sure where to start with improving your security, we would advise working with a managed IT security services provider who can help you to improve company operations and diminish security risks at a fraction of the cost of the insurance.
Start Your Managed Security Journey Today!
Sound Computers can help your Connecticut business bolster its cybersecurity defenses and reduce the chance of a costly data breach.
Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.