With Cyber Criminals Getting More Sophisticated, Both the Cost and Importance of Cyber Liability Insurance is Increasing
By James Barr, Vice President
Worse news: As the number of attacks continues to increase, the sophistication of the attackers continues to accelerate and the damages inflicted continue to escalate. As a result, the cost of insuring against these threats is rising.
Whereas many used to think of cyber crime as something that only impacted the big corporations, far too many are discovering that there is no unique profile of victim when it comes to digital hacks. It can literally happen to anyone.
The somewhat comforting news? You’re not hopeless to the point that you just have to wait for the inevitable. Not only can you take proactive measures to protect your digital and financial assets, there are preventative measures you can take to protect your business from the rising costs of insuring against these damages as well.
Is It Only Going to Get Worse?
According to Dan Cook, Detective Sergeant of the Michigan Cyber Command Center (a division of the Michigan State Police), it’s not our imaginations: cyber crimes are rampant. “Cyber crimes are increasing both in frequency and in sophistication,” Cook said. “More recent vulnerabilities have been discovered and publicized, which has opened up doors that were typically closed to the novice cyber criminals.
“Not only are there more exploitable vulnerabilities than ever before, there are more cyber criminals than ever before. They are more active, more sophisticated, and working harder than ever to avoid detection.”
Consider just the high-profile cyber attacks that make the headlines: the well-publicized SolarWinds attack by Russian hackers and the Colonial Pipeline cyber attack, to name only two recent examples. In both instances, there were far-reaching implications that extended well beyond the targeted company’s assets, raising both costs and concerns for nearly everyone, and each with geopolitical implications.
Chances are, you or someone you know has already been a target. Just the other day, I was hearing a personal horror story of a company that thought they had paid a $90,000 invoice to a supplier, only to find out it was a fraudulent charge from an imitator. By the time the company and vendor figured out what was going on, it was too late and the money was already gone. Fraudulent fund transfers such as this are among the most common—and the most costly—cyber crimes these days. They’re all too easy to pull off and far too difficult to detect and remedy.
In our world (the insurance industry), the actuaries—whose job it is to project damages and potential exposures so as to provide rates for coverage—are openly lamenting that they have lost confidence even in their own ability to predict the financial damage that can be incurred in cyber attacks in the years ahead.
All of that uncertainty drives two regrettable outcomes: higher premiums and limited coverage availability.
Your Best Defense: Time to Go On Offense
Though premiums are understandably skyrocketing (sometimes doubling, or even tripling, at renewal!) and some insurers are pulling out of the cyber liability market altogether, the alternative to cyber liability insurance is simply too risky and too expensive. No longer can corporations and small businesses operate on hope and avoidance as protective measures.
Here are some steps you should take to start mitigating these vulnerabilities and resulting cost increases:
The first course of action is to make sure that you have a relationship with an insurance broker that has vast knowledge, resources and access to markets in the cyber liability arena. This will assure that you can find a policy that is the best in the marketplace at the most reasonable cost. Both premiums and policy features are changing literally every day, according to the carriers we represent. Do your homework until you find someone that truly understands cyber risks, exposures, limitations and coverage options.
Make sure that your company, your people and your systems are all running on what’s known as multi-factor authentication (MFA) protocols. Yes, these extra steps we need to take to log into simple systems like email are annoyances and inconveniences, but they pale in comparison to the crippling headaches and paralysis that a cyber attack can inflict. By now, you’ve been prompted to enter texted security codes into a program or system at some point, so you’ve seen this before. It will be more commonplace and more prevalent in all walks of life in the years ahead. Incorporate MFA into as many of your company’s processes as possible, and you will at least have a first line of defense against would-be attackers.
Conduct a cyber liability audit to detect and remedy known vulnerabilities before they’re exploited. Our agency works with partners who will provide a complimentary audit of your website to detect potential risks so you or your IT team can secure known vulnerabilities before you receive a quote for cyber liability insurance. Then, once you have locked down these common exposures to hackers, a subsequent audit and report can be provided to the insurers so that you get the best possible rates quoted for your policy. Such a report will provide some level of confidence to those underwriters whose job it is to assess your company’s specific risk and quote the premiums accordingly.
Unfortunately, social engineering crimes, phishing, hacking, fraudulent fund transfers and any manner of new and innovative cyber crimes are here to stay. The best way to protect your company and its assets against inevitability is to take action before a potential breach occurs. This means reviewing everything from insurance coverage to company policies and procedures. It even means new or broader investments in “white-hat” technologies and systems that are doing their best to keep pace with the advancements of those in the proverbial black hats. (Think: anti-computer-virus monitoring software, for example. The more sophisticated the attacks become, the more sophisticated the anti-virus software needs to be.)
Cook of the MSP added, “Everybody’s a target these days. The misconception that my business is too small or that I’m not important enough to be targeted needs to be retired. Every organization and individual needs to have a disaster response plan in place, and cyber security insurance can certainly be part of that disaster recovery plan. Better to have that plan in place before you fall victim to an attack, rather than trying to piece one together quickly when you are in disaster-response mode.”
My best advice is this: Don’t wait until you’re the victim of cyber criminality to see firsthand just how painful and crippling it can be to your organization. Trust the experiences of others, and trust your partners to help you keep the cyber wolves at bay as best they can.