Cyber ​​Insurance Market 2022: FAQ & Updates by iBynd

Q: What are the most important aspects of cyber insurance for businesses?

  1. Notifications and fees
    After a customer data breach, there are government notification requirements that the organization must follow. Cyber ​​insurance companies help manage and manage information and expenses such as hiring a forensics expert to determine what has been breached, managing the amount of credit for victims, and paying for the restitution of stolen data.
  2. Business disruption
    Remember when Kaseya, the attack on US rescue equipment, led to the Swedish supermarket chain, Coop, closing 800 stores? If the Coop were to have a business interruption, it would help to recover (no clause) some or all of the money lost.
  3. Responsibility
    If a group or individual decides to file a lawsuit after your business is breached — for example, due to negligence because you don’t have proper security measures in place to prevent data breaches — a debt settlement can help save legal costs. and/or fees.
  4. Fraudulent money transfers
    The FBI estimates that since 2016, business email attacks (BEC) have resulted in $43B in losses. If an employee is unsuspectingly caught in a BEC scam, the fraudulent money transfer covers help recover losses.
  5. Ransom/extortion
    If you find yourself being victimized after cybercriminals hide and release confidential information, this will help you report the threat, negotiate, and pay on behalf of the business to regain access.

Q: How is the cost of cyber insurance calculated?

Cyber ​​insurance premiums ​​are calculated through a combination of goals and assumptions.

The starting price is determined by four objectives:

  1. Type of business (financial, government, health care, etc.)
  2. Business finance
  3. The number of records the business has
  4. Location (some countries and jurisdictions favor victim awards, which may affect debt recovery and funding)

Next are the factors involved: the underwriter can adjust prices based on the answers to their questions such as: does the business use multi-factor authentication (MFA)? Do they have a strong cyber incident response plan or partnership with the vendor? According to Logan, positive feedback can save up to 15%. But again, prices will depend a lot on state regulations.

Q: Do tools such as security assessment services work at enterprise rates?

Risk analysis services, such as Security Scorecard and Bitsight, are another factor that may affect the author. For small and medium-sized businesses (SMBs) in particular, showing consistent risk can be seen as a good thing by an insurance broker, leading to lower rates.

Q: What can businesses do to make it more attractive to carriers?

Before launching a dog and pony show, businesses must have the basics in place outlined in the program: MFA, regular on-site testing and backups, a cyber incident response plan, and more.

Beyond this, carriers are looking for organizations that can demonstrate cybersecurity maturity. For example, a strong network security staff (depending on the size of the business) and/or a strong relationship with a network security company that provides support and other continuous monitoring products such as EDR and XDR shows the maturity of the network security.

Q: How has cryptocurrency affected the ransomware process?

Cryptocurrency adds some complexity during redemption, but it also highlights the importance of having cyber insurance.

Logan said that if an attacker compromises your data or blocks your critical system, there is a 99% chance that a ransom will be sent and 100% of the time they will be asked to pay in cryptocurrency.

Cybercriminals love cryptocurrency because it’s anonymous and hard to track, but businesses rarely have thousands of dollars of Bitcoin sitting around. And even if you get the money, you may unknowingly break the law by sending money to an organization or person at a prohibited rate. OFAC list. Your agent can help you navigate the entire recovery process, from verifying the threat, negotiating your payment, and making sure the FBI doesn’t come knocking on your door the next day.

Q: What changes have you seen in the cyber insurance market over the years of your experience?

Logan remembers back in 2006, there were only three written questions: How many notes do you keep? Have you had any complaints? Do you have a backup that you test periodically?

More questions have been added over the years, but Logan saw the biggest change when COVID-19 hit.

The global pandemic has led to an increase in remote workers, leaving systems at risk. At the same time, attackers became more sophisticated and focused on BEC and ransomware, which led to an increase in their claims. As a result, insurance companies began to take a closer look at what types of business should be offered, programs became more extensive, and prices increased significantly even for existing customers who wanted to renew their policy.

Q: What are your predictions for the cyber insurance industry?

Logan expects prices and restrictions to increase for the next six months before a settlement is reached.

“If I say stability, then we will see that it is going well.” “I don’t believe we’re going to go back to a time when prices were so low,” explained Logan.

However, as many countries prohibit corporations from paying ransoms, this can lead to cost savings because ransoms will no longer be required.

Next steps

Like auto or health insurance, cyber insurance is becoming a must-have to protect organizations from financial risk. Not only can a loan save you from unplanned expenses, planning to renew or get your policy will force you to investigate and strengthen your cybersecurity maturity. To learn more about cyber insurance and cyber risk management, check out the following resources: