Cyber Insurance has definitely become the need of the hour. In the wake of the surging phenomenon of cyberattacks, the call for cybersecurity insurance only gets louder.
Today, all across the globe, incidents of data breaches, phishing, ransomware attacks, hacking, malware attacks and data theft, are rising by leaps and bounds. In the second quarter of 2023, cybersecurity has become a growing concern, globally, as cases spike like nothing.
If we have a close look at the history of cyberattacks, we will be able to locate that over the last few years, it has grown manifold. Now, there’s no way to bypass it anymore. We can’t help but address it properly, as businesses around the world can’t afford to risk, with so much at stake.
Let’s delve deeper with the story to find out why we need cyber insurance and how it comes into play in case of cyberattacks.
Cyber Insurance: Stay Ahead, Be Prepared
Just to remind you, we had quite an eventful year in 2022, in terms of cybersecurity concerns and cyberattacks. It was marred by one of the worst crypto hacks in recent times, the Deribit hot-wallet hack, which wiped out $28M investor wealth in the process.
But the cloud was looming large and we didn’t pay heed. Cybersecurity giant, Kaspersky Labs came out with a report which was enough to raise the alarm bells. It claimed that more than 90% of the global businesses were not prepared for the next-gen cyberattacks. With the pandemic hitting hard, some of the businesses not only conducted layoffs, but also reduced their cybersecurity budget to a great extent. This was something which forced them to pay, later on.
Last year itself, Azov ransomware and new Android malware Schoolyard Bully Trojan, shook the entire tech world. But it wasn;t enough to force businesses to embrace a life jacket in the form of cyber insurance.
Months back, through a shell-shocking revelation, we came to know that there was a massive GoDaddy hack that continued for more than three years! The impact was disastrous as it came to light that almost 1.2 million customers’ WordPress instances were made vulnerable, as hackers gained access to email addresses, usernames, passwords, and in some cases, even their websites’ SSL private keys.
For your information, the November 2022 data indicates that in almost 43% cases of all cyberattacks, small businesses and start-ups were made to fall prey. This again calls for cyber insurance, as for a small business or a start-up, it becomes even more difficult to recover from such a catastrophe. Hence, going for a cybersecurity insurance might turn out to be a revolutionary if not a life-altering decision for them.
Mondelez International (which happens to be the maker of Oreos, Ritz crackers and dozens of other popular snack foods) suffered heavily along with many other businesses due to the notorious NotPetya malware attack in 2017, where the total damages were estimated at a jaw-dropping $10 billion. Pretty recently, Mondelez received $100 million as a settlement between the snack foods-power player and insurance giant Zurich, after a long-drawn judicial case.
With the mode of warfare and terrorism changing in recent times, cyberattacks are coming more frequently and that too in lethal variants. And this has initiated a paradigm shift in the business world — in 2021, top 20 U.S. insurers managed to collect over $3.9 billion in cybersecurity direct premiums and so far as standalone cyber premiums are concerned, the numbers jumped by a staggering 95% in 2021.
If we have a look at the Fitch Ratings, we will realize that cyber insurers have experienced a sharp 300% increase in total losses between 2018 and 2021. In December 2021, Chubb had to pay the coverage for Merck & Co.’s $1.4 billion losses suffered from NotPetya.
Josephine Wolff, in his latest book Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks, argues that it is of pivotal importance to “untangle who was responsible for incidents that had multiple, often overlapping, layers of victims, enablers and potential defenders.” And at the same time it is increasingly challenging, according to professor Wolff.
For the uninitiated, way back in 2011, a terrible data breach affected Sony’s PlayStation Network, exposing personally identifiable information (PII) of about as many as 77 million PlayStation user accounts. The breach was so massive that it barred users of PlayStation consoles from accessing the service for almost 23 days. This resulted in a cumulative loss of $171 million, which could have been covered if it had cyber insurance in the first place.
In order to buy cyber insurance, an individual or entity has to comply with a security audit by the concerned insurance company or provide documentation with the assistance of an approved assessment tool, like the one offered by the Federal Financial Institutions Examination Council (FFIEC). Depending upon the security audit or the documentation provided from approved assessment tools the types of coverage offered by the cyber insurance company will be dictated, as well as the cost of the premiums.
However, in the United States, the Cybersecurity and Infrastructure Security Agency (CISA), which continues to operate under the Department of Homeland Security (DHS), has been encouraging businesses to enhance their cybersecurity in lieu of more coverage at more affordable rates.
Primarily there are two types of cyber insurance. One is the ‘First-Party Insurance’ and the other one is the ‘Third-Party Insurance’. In case of the former, potential threats which could affect the company or individual, gets covered. This protects your data, including employee and customer information. Whereas, on the other hand, the latter covers any loss incurred from deals or transactions with other companies or businesses. This protects you from liability if a third party brings claims against you.
Meanwhile, the Federal Trade Commission (FTC) urges you to make sure your policy includes coverage for:
- Data breaches (like incidents involving theft of personal information)
- Cyber attacks on your data held by vendors and other third parties
- Cyber attacks (like breaches of your network)
- Cyber attacks that occur anywhere in the world (not only in the United States)
- Terrorist acts
FTC also asks you to check whether your cyber insurance provider will also help you with the following:
- Defend you in a lawsuit or regulatory investigation (look for “duty to defend” wording)
- Provide coverage in excess of any other applicable insurance you have
- Oﬀer a breach hotline that’s available every day of the year at all times
The way cyber crimes are on a rise, is indeed alarming. We must note that after the gruesome Covid-19 pandemic came into being, the way businesses around the world used to operate, have changed drastically. Nowadays, even states across the globe are encouraging people to opt for the online mode and at times, customers or users are left without any choice.
In such a scenario, data, which has been one of the most powerful tools and assets for centuries, has become more susceptible to incidents like, hacking, phishing and breach. Hence, it calls for further attention and utmost care.
Therefore, considering all aspects, it must be concluded that along with strengthening the respective cybersecurity systems, businesses must opt for cybersecurity insurance. Otherwise, there would be a hue and cry due to nearly irreparable losses.
There’s another important aspect to it. More often than not, businesses are driven by the fact that there’s little ROI (Return on Investment) in case of cyber insurance. In this regard, it’s similar to term insurances, where one can (their kin to be precise) only avail benefit in case of a loss of life or some massive accident. But nevertheless, cyber insurance or term insurance is done for a purpose, which is to get you [or your kin or business] covered during the worst of the lot.
However, cyber insurance is only half the job done. One should also add serious reinforcements to its cybersecurity arsenal to enhance the protection, continuously. That should be the ideal line of thought.
It can be hoped that with the passage of time, the number of individuals or businesses opting cyber insurance will grow considerably. For the uninitiated, cybersecurity insurance happens to be one of the top cybersecurity trends in 2023. We will keep a close tab on how it unfolds and will reach out to you with exclusive updates on the pages of Technowize. In case you have crypto assets, don’t forget to check our special feature on ‘Crypto Insurance’.
Meanwhile, stay tuned for more top stories on cybersecurity and exciting news from the world of tech.