Cybersecurity insurance rates are increasing while coverage is decreasing. Per the Wall Street Journal, “Direct-written premiums collected by the largest U.S. insurance carriers in 2021 swelled by 92% year-over-year.” Most of the increase is due to the sophistication of the attacks, higher ransomware payment demands, and the number of attacks. The State of Ransomware 2021 global survey (per Sophos) includes the following chilling facts:
- The average cost of remediating a ransomware attack more than doubled in the last 12 months. Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now ten times the size of the ransom payment.
- The average ransom paid was $170,404. While $3.2 million was the highest paid out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.
- The number of organizations paying ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all their data.
All this bad news results in cybersecurity insurance increases for your organization.
Steps you can take to get the most value out of your cybersecurity insurance
Review your cybersecurity posture – take a self-assessment against the CIS Critical Security Controls (CIS Controls). Seeing how your organization ranks against the controls can provide a snapshot of focus areas for improvement before obtaining or renewing your cybersecurity policy. If you aren’t sure where to start with the assessment or need help implementing improvements, Dewpoint’s cybersecurity experts are here to assist.
Review your data – the more highly sensitive data your organization holds, the more risk. Taking the simple step of reviewing your data can reduce your premium. Determine if you need the data to conduct your business and review the best way to safeguard it through additional security and limiting access to only critical employees. If you need to print the information, make sure the paper is kept in a locked cabinet and office and destroyed using a secure method. If it is all virtual, use encryption software for email and limit file-sharing capabilities.
Review your policy for loopholes – most insurance policies do not cover “an act of war.” If a ransomware attack occurs because of the current Russian invasion of Ukraine, would you be covered? Given the uncertainty in our world, it’s an excellent question to ask your provider, along with how the policy defines “war.”
Navigating through the cybersecurity insurance maze can be a daunting task. Dewpoint can help by starting with an assessment to identify gaps in your current environment and recommendations to reduce those gaps. Organizations with poor security controls may be uninsurable or unable to afford a policy even if one is available. Reach out to one of our security experts to help you get the most value out of your cybersecurity insurance and increase your overall security posture.