Relying on insurance to save you from a ransomware attack is no longer a workable strategy.

More businesses than ever are relying on cyber insurance to provide a backstop against intrusion, data loss, and regulatory compliance violation due to cyberattack. But new research shows that cybersecurity insurance premiums will continue to rise sharply throughout 2021, threatening to undermine one of the best tools in the risk management toolbox.

Here are some of the statistics and predictions that are circulating in the cyber insurance world:

  • A study by the S. Government Accountability Office (GAO) found that in 2020, half of survey respondents saw their cyber risk premiums increase between 10% and 30%.
  • Professional services firm Aon PLC predicts premiums will rise between 20% and 50% in 2021.

The Factors Driving Higher Cyber Insurance Premiums

The primary cause of higher insurance premiums is the increase in both the number and severity of cyber crimes, with ransomware attacks playing a particularly prominent role.

Ransomware flourished over the last year, growing as much as 485%, according to industry sources. But it’s not just the raw number of ransomware attacks that has increased; it’s the size of the payouts that criminals are demanding.

In their H1 2020 Cyber Insurance Report, leading cyber insurance firm Coalition found that ransomware payouts increased 100% from 2019 to Q1 2020, then jumped an additional 47% from Q1 to Q2 of last year.

In just the last year, businesses have paid some spectacular ransomware fees:

  • CNA Financial, one of the largest insurance companies in the U.S., paid 40 million dollars to hackers in March 2021.
  • Technology firm Garmin paid 10 million dollars after falling victim to the WasterLocker ransomware.
  • U.S. based travel service CWT Global paid 4.5 million dollars to unlock the Ragner Locker ransomware variant.

In total, it’s estimated that there will be more than $20 billion dollars in ransomware related damages by the end of 2021.

While ransomware is one of the key drivers behind higher cyber insurance premiums, it’s not the only one. In many cases, the uptick in cybercrime is simply revealing existing cybersecurity vulnerabilities that have existed for many years – vulnerabilities that were greatly exacerbated by the recent COVID-19 pandemic and subsequent lockdown.

Unsecured Remote Desktop and Work from Home Systems
During the coronavirus outbreak, most businesses that could shifted workers to a work-from-home arrangement. Many of these businesses did so without properly securing their work-from-home systems. Remote desktop protocol is a chronic source of cybersecurity vulnerability, and the leading cause of ransomware infection.

Poorly Managed Vendor Risks
While strategic vendor partnerships can help achieve operational and cost efficiency, they’re also a chronic source of instability. The risks and compliance challenges associated with external vendors is a challenge that too often gets overlooked, even by regulated organizations in the healthcare and financial services field.

Another driver of higher cyber insurance premiums is increasing cybersecurity response fees.

The costs associated with cybersecurity intrusion include legal costs, the work of digital forensic experts, cybersecurity expertise, replacement hardware, and may even include a negotiator to help you navigate the ransomware payment process. Each of these adds significant cost to a ransomware recovery effort.

Security Fundamentals Can Help Control Insurance Premiums

If ransomware and its associated costs continue to rise, it could not only lead to higher insurance premiums, but it could eventually mean the insurance industry is less enthusiastic about providing cyber insurance of any kind — or provides less than comprehensive protection.

While the cyber insurance industry is likely to endure the most recent wave of attacks, insurers and regulators are using the increase in cybercrime to put more pressure on policy holders to strengthen their cybersecurity protections.

Business decision makers don’t need to view these new requirements as a burden. Instead, they’re a great opportunity to revisit cyber security fundamentals and ensure that you’re doing the best you can to protect yourself. They have the added benefit of helping you keep your insurance premiums under control.

Two-Factor Authentication
Securing sensitive information with two-factor authentication (2FA) is maybe the single greatest tool that organizations have in the fight against intrusion. It’s also a protection that all cyber insurance firms will want to see rigorously implemented across your network.

Security Awareness Training
A knowledgeable, vigilant staff is an excellent first line of defense against cyberattack and ransomware, but don’t rely on annual security seminars to provide effective training. Now we know that short, regular, and interactive cyber awareness lessons delivered online are the best way to prepare your staff for attack, and demonstrate seriousness to your insurer.

Network Security Monitoring
Companies that handle a large volume of sensitive customer data or protected information will want to consider partnering with a managed security service firm. These companies provide a team of analysts and engineers who will monitor your network 24/7 using specialized security tools, providing the highest level of security preparedness.

Incident Response Planning
Having a documented plan for identifying, mitigating, and recovering from a ransomware or other form of cyberattack is an important part of any cybersecurity program. By developing a clear plan and communicating it throughout your team, you can build a culture of cybersecurity in your business and demonstrate to insurers that you take data protection seriously.

Update Legacy Hardware and Software
Ransomware, malware, and cyber criminals need a way inside your network. Oftentimes the easiest way into a system is through unpatched hardware or software systems, which is why every business should have documented processes and schedule for ensuring that updates are applied as they become available, then tested.

Cybersecurity and Cyber Insurance Solutions for Businesses

Complete Network provides comprehensive cybersecurity service to businesses in New York, North Carolina, and South Carolina. Our team of cybersecurity consultants can help you purchase a cyber insurance policy, control the cost of your insurance premiums, build a stronger regulatory program, or help your business achieve any other important security goal.

If you’re struggling to find cybersecurity confidence, reach out any time at 877 877 1840 or [email protected]. We look forward to answering your questions!

Is Complete Network the Right Fit for Your Business? Download Our Partner Evaluation Guide to Find Out.

We know that the first step toward better IT support is to research your options. We’ve put this guide together to aid you in that process.

It’s designed to give you an overview of our organization, so that you have the key information you need to evaluate our service fit.

This guide covers:

  • • Who we serve
  • • Who we are as an IT company
  • • Why you’ll benefit from working with us
  • • What your engagement will be like

Download it for free by filling out the form here.