Hopefully, you’ve realized one of your pieces of defense in the cybersecurity war is Cyber Liability Insurance or Data Breach Insurance, sometimes called Cyber Insurance. What you may not know is that cyber liability insurance is getting more difficult to obtain. Several insurance companies we’ve spoken with have reported that in 2017, cyber liability claims outpaced other claim types, including medical liability claims! In very simple terms, this means that cyber liability insurance is costing the insurance companies a lot of money. As you know insurance companies are not in business to lose money, so they are now taking steps to reduce their losses.
More Difficult to Acquire
As the cost of providing cyber insurance increases, the insurance companies look for ways to offset those costs or losses. One of the obvious ways is to raise premiums, but that’s not good for sales. Another way is to better evaluate each client and charge according to their risks or liabilities. The insurance companies have done this by asking more technical questions during the application process to ascertain how well the client is protecting the valuable data. The smart insurance companies are now requiring a Cybersecurity Risk Assessment (aka “HIPAA lite”) before quoting the price of cyber insurance.
More Expensive
One of the effects of all the cyber attacks is a rise in cyber liability premiums. Although we couldn’t find reliable estimates of the increase in premiums for cyber liability insurance, we did talk to several insurance companies that estimated premiums have more than doubled in less than 18 months. Whether they have gone up 5% or 100% isn’t the issue – the issue is that cyber attacks are so common that the insurance companies are having to pay out on claims and they plan to recover their losses. Take note of this and take action. Harden your systems, make sure your backups can be restored successfully and buy cyber insurance from a reputable company (and read the fine print).
More Needed
Most small businesses either don’t have cyber liability insurance or not near enough. The average remediation effort after suffering a cyber breach and loss of data is over $800,000 dollars. Of small businesses that actually have cyber liability insurance, the estimated average coverage is $100,000. That’s leaving them with a $700,000 shortfall to pay out of pocket. That doesn’t include loss of reputation, revenue, and clients.
Take Aways
- Perform a cyber risk assessment that complies with the government-required standards for your industry. (HIPAA, NIST 171, GDPR, FISMA, NAIC’s Insurance Data Security Model Law). The risk assessment will give you the information you need to reduce your probability of a cyber breach and if you are breached, the information needed to reduce the impact. Reducing the risk of a breach and reducing the impact if a breach should occur should also translate into reducing your cyber insurance premiums.
- Based on the risk assessment results, take the necessary corrective actions to harden your cyber defenses.
- Consider purchasing cyber liability insurance. If you already have cyber liability insurance, you might consider purchasing more than you already have.
- Do the risk assessment first!
Do you need help performing a cyber risk assessment? Email us at info@thirdrock.com or give us a call at 512.310.0020. We’d be more than happy to help!