Many businesses rely on storing their data electronically on computers and the internet. While this is a convenient way that many companies operate, it can put your business at risk for cyber crime.
Cyber attacks are on the rise as more users are on the internet and using electronic devices to store data each day. By 2025, the total damage cost across the globe is expected to reach $28 billion. So how can you protect your business?
Cyber insurance seeks to help cover the detrimental costs of a cyber attack. While it may not prevent one, it is a great safeguard to make sure your business can survive one.
Read on to learn more about cyber insurance and why it is so important to be protected.
What does cyber insurance cover?
Cyber insurance coverage helps protect businesses against the costs associated with cyber attacks. It is also commonly called cyber liability insurance.
If your business stores personal and sensitive information online as digital data, you may need a cyber insurance policy. Cyber security breaches are possible and could result in sensitive information being exposed and compromised.
Data exposure on the dark web could lead to stolen information and identity theft. Your business could be at risk for costly lawsuits and expensive processes to recover from any data leaks.
Cyber insurance covers a variety of aspects of cyber crime. Depending on your policy, it may cover the costs of investigations, settlements, data recovery, business interruption, and legal fees. There are many insurance companies and policies to choose from in the cyber insurance market.
Ransomware Is on the Rise
Cyber security is becoming more and more necessary going into the future. Because of that, cyber insurance is becoming increasingly beneficial for businesses to purchase. Estimates show that by the year 2025, ransomware damages will reach $28 billion.
The Colonial Pipeline attack was the largest attack on the U.S. energy system at $4.4 million, Acer was attacked for $50 million, and JBS Foods paid $11 million. In July 2021, the Kaseya ransomware attack took the scope of ransomware attacks to a new level, as it is a managed software that in turn exploited zero days impacting an estimated 1,200 customers.
While it may be an official policy for the FBI to suggest not paying ransom to hackers, it puts the company between a rock and a hard place.
Cyber crime has become an enormous industry. It's comparable to the third-largest economy on Earth, just after the U.S. and China if cyber crime were a country. The most common type of cyber crime is ransomware. The ransomware damages alone have been $24 million in 2015, $209 million in 2016, and $170 billion in 2020.
Why is cyber crime increasing?
As more people and companies have been getting access to the internet, there are more available targets for cyber criminals. In 2020, over 5 billion people had access to the internet, a number that increases by 1 million every day. By the year 2031, a business, person, or device will be attacked with some kind of cyber attack every 2 seconds.
The pandemic ushered in an unprecedented work from home revolution - 70% of Americans worked from home in 2020 - and this increased the risk of cyber attacks exponentially. The increase in people doing their jobs online has created more opportunities for data to be shared over multiple apps and cloud services, creating more vulnerable spaces.
Creating good cyber security for remote workers is still a complicated endeavor for IT departments as they cannot fully see where security weaknesses may be.
On top of work from home causing an increase in cyber attacks, the attacks are no longer just threatening computers but also smartphones, tablets, IoT devices, cloud servers, public infrastructure, and more. Every aspect of someone’s life could be affected. This puts not only a business at risk but also the person.
With the changes in the workforce in the past year, there needs to be more protection in several areas. Cloud email security needs to be improved as phishing is currently considered the number-one vector in cyber attacks.
For enterprises, IoT devices remain the quickest point of entry with 65% of enterprises already reporting at least one security incident. And lastly, better cyber security needs to be implemented for those working from home.
Businesses Are Not Prepared for Cyber Attacks
Even businesses' best practices fall short of preventing an attack, leaving themselves vulnerable with a false assurance of safety. The most common tools used to protect against an attack are the very ones that are most easily attacked.
Two-factor authentication, password manager apps, and making use of a “strong” password are not enough to prevent a security attack from occurring. In fact, in 2018, 81% of security incidents were associated with a weak or stolen password. Last year there were 15 billion stolen credentials for sale on the dark web.
Around 80% of IT leaders say their company lacks sufficient protection to prevent a cyber attack. In fact, 77% of organizations don’t even have a response plan in place if they were attacked. Those that have been attacked are still not developing one.
A cyber attack on a business can be devastating. If successful, the result could be a complete loss. Most cyber attacks target small to midsize companies. In just the last two years, 66% of small businesses were targeted. Once these businesses fall victim to an attack, 60% of them don’t last past a few months as the cost is too great to withstand.
Is cyber insurance worth the cost?
Cyber insurance is designed to help protect against cyber attacks, but you may be wondering, is cyber insurance worth it? By no means is cyber insurance a silver bullet - you’ll have to weigh the costs and benefits.
Typically, cyber security insurance coverage includes profit losses, liabilities, and lawsuits. However, it doesn’t include physical property damage, including “bricked” devices, a future loss of profits, or your company’s intellectual property that may be leaked.
Whether you decide on getting cyber insurance or not - by the year 2028, spending on cyber security will reach $193 billion. If you’re an SMB, plan to put somewhere between 5% to 20% of your IT budget toward preventing cyber attacks.
How much does cyber insurance cost?
The cost of a cyber insurance policy largely depends on your business’ cyber risk and how much coverage is needed. Other factors affect the price, including the line of business you are in, how much and what type of data you store, your network security, who accesses your data and how, and your past claims history.
There are also many different cyber insurance companies available. Your rate can vary based on the cyber insurance company you choose.
Does cyber insurance cover ransomware payments?
You might be surprised to learn that the insurance providers are not paying out a significant percentage of cyber insurance claims. In the first half of 2020, 41% of cyber insurance claims related to ransomware attacks were not paid.
An interesting wrinkle in the see-saw battle between companies and hackers - some hackers will infiltrate your system to find your policy and then figure out the maximum amount to ask for a given policy amount.
The U.S. government is also seeking to take a crack at the issue by offering up to $10 million in bounty rewards to those who can lead them to cyber attackers. The hope is to create an incentive for those who may know of weak spots.
More and more government agencies are beginning to see their need for involvement to prevent cyber attacks, especially ones that could affect top-secret agencies.
Why is cyber insurance important?
Cyber insurance is the latest insurance trend needed to protect your business. While it isn’t a replacement for ransomware and other cyber attacks, it’s a great safeguard against those that look to do your company harm.
Creating safeguards to protect yourself and your business is essential, but having a safety net could mean the difference between surviving or not when the worst-case scenario happens.