December 9, 2021
Cybersecurity insurance companies are experiencing record payouts, increasing from $145,000 in 2019 to $358,000 in 2020 (per Fitch ratings), a rise of over 247% in just one year. Not only is the number of ransomware attacks increasing, but one attack on a significant supply chain can lead to hundreds of downstream attacks on organizations. Thus, cyber insurance providers seek to recoup those payments through a combination of higher premiums and less coverage.
As demand for cyber insurance increases, the number of providers is decreasing. Combined with paying higher losses, cyber insurance providers are issuing new policies and renewals with higher premiums and, in many cases, with less coverage. It is up to you to do your due diligence on cyber insurance to understand the cyber policy coverage. When reviewing a plan, you need to evaluate coverage for the basics:
In addition to the above, if confidential information is released, does the cyber policy cover any resulting litigation from privacy lawsuits brought by citizens or employees who allege that you were responsible for the data loss? Does the policy cover claims that assert negligence on your part? These claims can add to the total loss from the cyber-attack.
Some cyber insurance vendors dictate which companies you must use for incident response to control payout costs should an attack occur. It could leave you without the ability to use a trusted and approved vendor partner that you were planning to use. Some policies deny coverage if you go with the vendor of your choice, and others reduce their level of benefits if you “go out of network” like you might when choosing which doctor to see.
Furthermore, having a business continuity plan in place is critical to implement should an attack occur. Contact Dewpoint to help you identify and resolve your cybersecurity vulnerabilities to save money.