Cyber insurance is a necessity in today’s cybersecurity landscape, especially in the wake of widespread ransomware attacks on commercial businesses of all sizes.
A cyber insurance policy enables companies to transfer the cost of recovering from cyber incidents. In the event of a data breach, your cyber insurance policy can cover the costs of damages to others, profits lost if your network goes down, and the cost of negotiating ransomware.
But insurance companies don’t go into the business because they have loads of money to offer clients free help if a data breach occurs. Customers pay annual or monthly premiums to offset the financial risks they carry. Then when companies file a claim, the insurance company will have their back and help them recover from an attack. But this financial assistance comes at a high price.
Companies are constantly making decisions to balance their costs, risks, and profits, but the rising rate of cyber insurance has many choosing to take on the risk without insurance. In the United States, cyber insurance costs have risen 123% since 2020, slowing down the sale of policies despite rising cybercrime rates.
This article will explain the two underlying factors driving cyber insurance rates up and what they may mean for brokers.
Why Are Cyber Insurance Rates Going Up?
Cyber insurance rates change over time based on a risk assessment of the policyholders. For example, people who are healthy typically have more affordable insurance policies than those with critical illnesses because their health risk is proportionally lower. The same is true for cyber insurance policies.
An organization that stores large amounts of sensitive data is more likely to be victimized by attackers, so their rates will be higher. But that doesn’t explain why cyber insurance rates are going up for everyone who applies, not only those companies that belong to high-risk industries.
Here are the two main reasons why cyber insurance rates are going up:
Remote Work
An increase in the remote workforce plays a key role in rising insurance rates. When companies hire remote workers, their cybersecurity environment becomes much more complicated. Unlike traditional office networks, a remote workforce requires a software-defined network that can be accessed from devices on various internet connections. While this new business model has many benefits for organizations, improved security isn’t one of them.
Remote workers make companies more vulnerable to cyberattacks because they increase the organization’s attack surface. Instead of only a few potential entry points, hackers can take advantage of many potential entry points. Plus, it’s easier for hackers to stay hidden on a network that sees a lot of dynamic activity, like connecting to various ports and using credentials on numerous devices.
Employees might even inadvertently put the organization in a more vulnerable position while working remotely. For example, they might use a public Wi-Fi network at a local cafe to sign into their company accounts. Or they could use their personal phone or laptop while accessing company records on the go. Even if they are working from home every day, their internet connection is likely only to be protected by consumer-levels of network security. These factors combined make remote workers an easy target for sophisticated attackers.
Ransomware Attacks
Ransomware is a unique threat that puts organizations and their clients at risk of data loss. Unlike traditional attacks, ransomware involves the theft of data and requires the payment of a ransom for businesses to restore what they lost.
Instead of just being hit with recovery costs, there are also ransom costs and costs associated with building a better cybersecurity posture. And attackers aren’t just looking for big businesses. They are equally likely to attack a small or midsize business as well.
Ransomware attacks are known to cause a lot of damage and cost a lot of money to recover from. Especially because of the variety of attack vectors hackers use to execute these planned attacks. Criminals can easily target unpatched software vulnerabilities, Linux operating systems, cloud implementations, MSPs, and their entire network of customers. For insurance companies, this is a huge risk.
The average ransomware attack costs about $4.3 million, and over 80% of companies will be the victims of a targeted attack. The odds weigh heavily against organizations, which means that insurance companies that represent them are likely to be called to pay out on a cyber claim.
How Rising Cyber Insurance Rates Affect Brokers
In the past, cyber insurance providers have raced to expand their clientele by offering lower prices and more coverage. As a result, the low prices of insurance attracted many businesses and helped establish the cyber insurance industry. But just like the car insurance industry, there are many variables that go into the price of cyber insurance.
All of these are factors that can have an impact on the premiums that customers pay. And now that cyber threats are rising in cost and likelihood, the premiums of the past are simply not enough to handle the number of cyber claims that are coming through. And unfortunately, insurance companies have no choice but to raise their rates.
Here’s how brokers are being affected by the rising rates of cyber insurance:
- Brokers will need to rethink their sales strategy. Companies are more willing to take on cyber risks “out of pocket,” so brokers offering low prices or great coverage may not be enough to sway them.
- They will need to be knowledgeable about cyber protection solutions. Insurance providers are pickier about their requirements to insure. For example, about half of cyber insurance companies require organizations to deploy malware protection to be covered.
- Brokers will need to learn about cyber policy. Increasing oversight from regulatory agencies and governments also means that it could be illegal to represent a company that doesn’t follow certain compliance standards.
Wrapping up
Overall, cyber insurance brokers will need to become knowledgeable about cyber security, penetration testing, and services that can help keep companies safe from an attack so that they can be insured at better rates. They will become a key part of security software sales and marketing and also serve as a cyber security risk assessment counselor for organizations seeking coverage.
Companies need cyber insurance, and brokers are in a position to help them succeed. Brokers that deeply understand their client’s risks will be able to make better security suggestions and help their clients become insured. Learn how to end cyber risk with Arctic Wolf.
Explore highlights from our survey of over 500 IT and security leaders in North America with the Arctic Wolf 2023 Cyber Insurance Outlook Report.
