Saturday, February 26, 2022

The Cyber World After The Ukrainian Invasion: Don't Depend 100% On Your Insurance Policy

 


Unfortunately, the bad news that had been brewing did actually happen on Thursday morning: the Russian invasion of Ukraine.  I for sure have my own political views on this, but for purposes of this blog, I will remain neutral.

Along with the disasters that the people of Ukraine are facing and will continue to face, the ripple effects of this invasion will now be felt across the world, especially here in the United States.

In this regard, probably the biggest thing we have to fear is the Cyberattacks that will be coming from Russia.  Although Cyberattacks from that region are nothing new, it is expected that they will intensify greatly, with different targets in mind.  One of the most feared targets is Critical Infrastructure.

As I have written about before, this includes such things as the water supply lines, oil and natural gas refineries, nuclear facilities, the national power grid, the food distribution system, etc.  These won't just be single hits; rather, it is expected that there could be simultaneous attacks, hitting different pieces all at the same time.

Of course, there will be other Cyberattacks as well, against all sorts of businesses across all industries.  So what is one to do?  Well, there is the usual laundry list of items that every Cyber vendor is now putting up on their respective websites.  The other option is to get a good Cybersecurity Insurance Policy for financial protection.

But keep in mind that simply because you have a Cyber Policy does not mean that you will actually be covered 100% of the way.  Because of the increased demand, many carriers are now restricting what they will actually cover, and in many instances, even restricting the amount of payout that you will get.  Just consider some of these statistics:

*There have been at least 17% more data breaches just in Q4 alone, versus the entire year of 2020;

*The average cost of a data breach is now calculated to be almost $4.5 million, the highest ever.

You can get more information on these stats, respectively, by clicking on the following links:

https://notified.idtheftcenter.org/s/2021-q3-data-breach-analysis?utm_source=pressrelease100621&utm_medium=web&utm_campaign=Q3BreachAnalysis

https://www.ibm.com/security/data-breach

Because of these and other similar trends, businesses across Corporate America are now starting to rely upon Cybersecurity Insurance Policies to help protect themselves.  Just consider these:

*By 2020, there was a 47% increase in the purchase of Cyber Insurance Policies;

*Because of the huge demand, the prices for procuring an Insurance Policy increased by over 27%.

You can get more information on these stats, respectively, by clicking on the following links:

https://www.gao.gov/products/gao-21-477

https://www.ciab.com/resources/q3-pc-market-survey-2021/

But not only are customers feeling the pinch of these increased prices, they are also paying dearly on the other end:  They are not getting the full coverage that they were expecting.  For example, both the healthcare and insurance industries are greatly limiting the terms of coverage that they offer, just because they have been hit so often with Cyberattacks.

But apart from this, companies in these market segments will not be able to get complete, full blanket coverage.  Such coverage would cover everything, from the downtime after the Cyberattack happened, to bringing mission critical operations back up, to even assisting with the long-term business continuity plans.

Now, insurance companies are requiring that these organizations get covered through a piecemeal approach, whereby the client has to purchase different kinds of add-ons, technically known as “riders” or “standalone policies” in the insurance industry.

In the worst-case scenario, there are some insurance companies that will even refuse to pay up, depending upon the kind of Cyberattack that has occurred.  The best example of this is AXA.  Because of the sheer dollar volume that was paid in ransom payments in France (which was valued at well over $5.5 billion), they will now refuse to pay reimbursements for any ransom payment that has been made.

Because of this, many insurance companies are now conducting audits of prospective policy holders to make sure that they have a baseline set of controls before their application will even be looked at.  But keep in mind that the Cyber Insurance carriers themselves are now becoming victims.

The primary reason for this is that the Cyberattacker knows that any business that has a comprehensive plan will more likely pay something in the end – after all, they can now afford to.

In fact, those companies that have such a policy are 2X more likely to pay, because they now have a security blanket that they can literally fall back on.  More information about this can be seen at this link:

https://www.insurancejournal.com/news/national/2021/07/07/621416.htm

Now, the Cyber Insurance industry is finding that it is making a loss on all of this, far exceeding its breakeven point, which is well above 70%.  More information about this statistic can be seen at this link:

https://www.darkreading.com/risk/the-future-of-cyber-insurance

My Thoughts On This:

Unfortunately, this is the direction in which the Cyber Insurance industry is going to go.  There will be fewer comprehensive policies, forcing business owners to get riders, thus further driving up the costs of the premiums.

There will be a lot more scrutiny now when a claim is filed, and payouts may be 100%, depending upon how proactive the would-be policy holder actually has been.  And if you are lucky enough to get a full payout, it will take a lot longer to get those financial resources, just due to the sheer amount of paperwork that the agents have to review.

So my best advice here is not to think of your Cyber Insurance Policy as a crutch.  This simply means: don’t let it be your security blanket, as I had previously mentioned.  As a business owner, you should already be taking a very proactive stance towards Cybersecurity by maintaining the best levels of Cyber Hygiene that you can have.  Of course, this is a catch-all term, but it is inclusive of all that you need to do.

If you take this approach, you will gain in two ways:  You will be able to pass the audit when you first apply, and if you do get hit, the chances are far greater that you will get a 100% payout because of your proactiveness in the first place.

 
