Saturday, February 26, 2022

The Cyber World After The Ukrainian Invasion: Don't Depend 100% On Your Insurance Policy

 


Unfortunately, the bad news that was precipitating to happen did actually happen on Thursday morning.  And that is the Russian invasion of Ukraine.  I for sure have my own political views on this, but for purposes of this blog, I will keep neutral; 

Along with the disasters that the people of the Ukraine are facing will and will continue to do so, the ripple effects that will be felt across as a result of this invasion will now be felt across the world, especially here in the United States.

In this regard, probably the biggest thing we have to fear are the Cyberattacks that will be coming from Russia.  Although Cyberattacks from that region are nothing new, it is expected that will intensify in much greater depth, with different targets in mind.  One of the most feared targets is the attack on Critical Infrastructure. 

As I have written about before, this includes such things as the water supply lines, oil and natural gas refineries, nuclear facilities, the national power grid, the food distribution system, etc.  These just won’t be single hit shots, rather, it is expected that there could be a simultaneous attack, attacking different pieces all at the same time.

Of course, there will be other Cyberattacks as well, to all sorts of businesses across all industries.  So what is one to do?  Well, there is the usual laundry list of items that every Cyber vendor is now putting up on their respective websites.  The other  is to get a good Cybersecurity Insurance Policy for financial protection.

But keep in mind that simply because you have a Cyber Policy does not mean that you will actually be covered 100% of the entire way.  Because of its increased demand, many carriers are now restricting what they will actually cover, and in many instance, even restrict the amount of payout that you will be getting.  Just consider some of these statistics:

*There has been at least 17% more data breaches just in Q4 alone, versus the entire year of 2020;

*The average cost of a data breach is now calculated at to be almost $4.5 million, the highest ever.

You can get more information on these stats, respectively, by clicking on the following links:

https://notified.idtheftcenter.org/s/2021-q3-data-breach-analysis?utm_source=pressrelease100621&utm_medium=web&utm_campaign=Q3BreachAnalysis

https://www.ibm.com/security/data-breach

Because of these and other similar trends, businesses across Corporate America are now starting to rely upon Cybersecurity Insurance Policies to help protect themselves.  Just consider these:

*By 2020, there was a 47% increase in the purchase of Cyber Insurance Policies;

*Because of the huge demand, the prices for procuring an Insurance Policy increased by over 27%.

You can get more information on these stats, respectively, by clicking on the following links:

https://www.gao.gov/products/gao-21-477

https://www.ciab.com/resources/q3-pc-market-survey-2021/

But not only are customers are feeling the greater pinch of these increased prices, but they are also paying dearly on the other end:  They are not getting the full coverage as they were expecting.  For example, both the healthcare and insurance industries are greatly limiting the terms of coverage that they offer, just because they have been hit so often with Cyberattacks.

But apart from this, companies in these market segments will not be able to get a complete, full blanket coverage.  This would cover everything, including the downtime from after the Cyberattack happened to bringing up mission critical operations to even assisting with the long-term business continuity plans. 

Now, insurance companies are requiring that these organizations get covered by a piecemeal approach, whereby the client has to purchase different kinds of add ons, technically known as “riders” or “standalone policies” in the insurance industry.

In the worst-case scenario, there are some insurance companies that will even refuse to pay up, depending upon the kind of Cyberattack that has occurred.  The best example of this AXA.  Because of the sheer dollar volume that was paid in ransom payments in France (which as valued at well over $5.5 billion), they will now refuse to pay reimbursements for any ransom payment that has been made.

Because of this, many insurance companies are now conducting audits of prospective policy holders to make sure that they have a baseline set of controls even before their application will even be looked at.  But keep in mind that the Cyber Insurance carriers themselves are now becoming a victim. 

The primary reason for this is that the Cyberattacker knows that any business who has a comprehensive plan will more likely pay something in the end – after all, because they can now afford to. 

In fact, those companies that have such a policy are more 2X likely to pay, because they now have a security blanket that they cab literally fall on.  More information about this can be seen at this link:

https://www.insurancejournal.com/news/national/2021/07/07/621416.htm

Now, the Cyber Insurance industry is finding that they are making a loss on all of this, far exceeding their breaking their breakeven point, which is well above 70%.  More information about this statistic can be seen at this link:

https://www.darkreading.com/risk/the-future-of-cyber-insurance

My Thoughts On This:

Unfortunately, the this is the trend that the Cyber Insurance is going to go.  There will be fewer comprehensive policies, making business owners to get riders, thus further driving up the costs of the premiums. 

There will be a lot more scrutinization now when a claim is filed, and payouts may be 100%, depending upon how proactive the would-be policy holder actually has been.  And if you are lucky to get a full payout, it will take a lot longer to get those financial resources, just due to the sheer amount of paperwork that the agents have to review.

So my best advice here is not to think of your Cyber Insurance Policy as a crutch, this simply  means that don’t let it to be your security blanket, as I had previously mentioned.  As a business owner you should already be taking a very proactive stance towards Cybersecurity by maintaining the best levels of Cyber Hygiene that you can have.  Of course, this is a catch all term, but it is inclusive of all that you need to do.

If you take this approach, you will gain in two ways:  You will be able to pass the audit when you first apply, and of you do get hit, the chances are far greater that you will get a 100% payout because of your proactiveness in the first place.

 

No comments:

Post a Comment

Why Students From K-12 Are So Vulnerable In Becoming A Cyber Victim

  Whenever we hear about a Cyberattack or a security breach, we often think that the entity involved is a Fortune 500 company, or even a hea...