Relying on insurance to save you from a ransomware attack is no longer a workable strategy.

More businesses are relying on cyber insurance to provide a backstop against intrusion, data loss, and regulatory compliance violations due to cyberattacks. But new research shows that cybersecurity insurance premiums will continue to rise sharply throughout 2021, threatening to undermine one of the best tools in the risk management toolbox.

Here are some of the statistics and predictions that are circulating in the cyber insurance world:

  • A study by the U.S. Government Accountability Office (GAO) found that in 2020, half of the survey respondents saw their cyber risk premiums increase between 10% and 30%.
  • Professional services firm Aon PLC predicts premiums to rise between 20% and 50% in 2021.

The Factors Driving Higher Cyber Insurance Premiums

The primary cause of higher insurance premiums is the increase in both the number and severity of cybercrimes, with ransomware attacks playing a particularly prominent role.

Ransomware flourished over the last year, growing as much as 485%, according to industry sources. But it’s not just that the raw number of ransomware attacks increased; it’s also the size of the payouts that criminals are demanding.

In their H1 2020 Cyber Insurance Report, the leading cyber insurance firm Coalition found that ransomware payouts increased 100% from 2019 to Q1 2020, then jumped an additional 47% from Q1 to Q2 of last year.

In just the last year, businesses have paid some spectacular ransomware fees:

  • CNA Financial, one of the largest insurance companies in the U.S., paid 40 million dollars to hackers in March 2021.
  • Technology firm Garmin paid 10 million dollars after falling victim to the WastedLocker ransomware.
  • U.S.-based travel service CWT Global paid 4.5 million dollars to unlock the Ragnar Locker ransomware variant.

In total, it’s estimated that there will be more than $20 billion in ransomware-related damages by the end of 2021.

While ransomware is one of the key drivers behind higher cyber insurance premiums, it’s not the only factor. In many cases, the uptick in cybercrime is simply revealing cybersecurity vulnerabilities that have existed for many years, vulnerabilities that were greatly exacerbated by the recent COVID-19 pandemic and subsequent lockdown.

  • Unsecured Remote Desktop and Work from Home Systems
    During the coronavirus outbreak, most businesses that could shifted workers to a work-from-home arrangement. Many of these businesses did so without properly securing their work-from-home systems. Remote Desktop Protocol (RDP) is a chronic source of cybersecurity vulnerability and the leading cause of ransomware infection.
  • Poorly Managed Vendor Risks
    While strategic vendor partnerships can help achieve operational and cost efficiency, they’re also a chronic source of instability. The risks and compliance challenges associated with external vendors are too often overlooked, even by regulated organizations in the healthcare and financial services fields.

Another driver of higher cyber insurance premiums is increasing cybersecurity response fees.

The costs associated with a cybersecurity intrusion include legal fees, the work of digital forensic experts, cybersecurity expertise, and replacement hardware, and may even include a negotiator to help you navigate the ransomware payment process. Each of these adds significant cost to a ransomware recovery effort.

Security Fundamentals Can Help Control Insurance Premiums

If ransomware and its associated costs continue to rise, it could not only lead to higher insurance premiums, but it could eventually mean the insurance industry is less enthusiastic about providing cyber insurance of any kind — or provides less than comprehensive protection.

While the cyber insurance industry is likely to endure the most recent wave of attacks, insurers and regulators are using the increase in cybercrime to put more pressure on policyholders to strengthen their cybersecurity protections.

Business decision-makers don’t need to view these new requirements as a burden. Instead, they’re a great opportunity to revisit cybersecurity fundamentals and ensure that you’re doing the best you can to protect yourself. They have the added benefit of helping you keep your insurance premiums under control.

  • Two-Factor Authentication
    Securing sensitive information with two-factor authentication (2FA) is maybe the single greatest tool that organizations have in the fight against intrusion. It’s also protection that all cyber insurance firms will want to see rigorously implemented across your network.
  • Security Awareness Training
    A knowledgeable, vigilant staff is an excellent first line of defense against cyberattack and ransomware, but don’t rely on annual security seminars to provide effective training. Now we know that short, regular, and interactive cyber awareness lessons delivered online are the best way to prepare your staff for an attack, and demonstrate seriousness to your insurer.
  • Network Security Monitoring
    Companies that handle a large volume of sensitive customer data or protected information will want to consider partnering with a managed security service firm. These companies provide a team of analysts and engineers who will monitor your network 24/7 using specialized security tools, providing the highest level of security preparedness.
  • Incident Response Planning
    Having a documented plan for identifying, mitigating, and recovering from ransomware or another form of cyberattack is an important part of any cybersecurity program. By developing a clear plan and communicating it throughout your team, you can build a culture of cybersecurity in your business and demonstrate to insurers that you take data protection seriously.
  • Update Legacy Hardware and Software
    Ransomware, malware, and cybercriminals need a way inside your network. Oftentimes the easiest way into a system is through unpatched hardware or software systems, which is why every business should have documented processes and schedules for ensuring that updates are applied as they become available, then tested.

Cybersecurity and Cyber Insurance Solutions for Businesses

At Complete Network, we deliver comprehensive cybersecurity services to businesses in Albany, New York, Charlotte, North Carolina, and Bluffton, South Carolina. Our team of cybersecurity consultants can help you purchase a cyber insurance policy, control the cost of your insurance premiums, build a stronger regulatory program, or help your business achieve any other important security goal.

If you’re struggling to find cybersecurity confidence, reach out any time at 877 877 1840 or [email protected]. We look forward to answering your questions!
