It has been a little over 1 year since the very public cyber-attack of Colonial Pipeline Co. that resulted in a $5M ransom demand. The effect that this hack and a subsequent string of high-profile attacks had on the cyber insurance market in 2021 is unprecedented.
Insurance companies were excited to enter this budding new market in the late twenty-teens. There was very little risk and plenty of interested buyers. This new coverage niche was highly profitable.
The Covid-induced increase in remote work and more lax security protections created a perfect opportunity for hackers. There was a dramatic increase in the number of ransomware attacks, including the Colonial Pipeline, JBS (the world's largest meatpacker), the Steamship Authority of Mass., and the Washington DC Metro Police Department. Not only was the number of attacks increasing, but the ransom amounts paid increased by 300% according to the Harvard Business Review. Computer manufacturer Acer was attacked by the REvil hacker group which demanded $50 million, the largest ransomware amount to date.
Cyber insurance carriers started taking heavy losses in pay-outs to claimants.
So what is the role of insurance in protecting yourself against the losses incurred by a data breach? Adding another layer of risk protection using cyber liability insurance makes sense in today's world but it pays to be smart about it.
Reach out to a qualified and long-standing insurance company that knows cyber coverage. They (and their underwriters) will need to know the current cybersecurity policies you have in place to protect your data. The insurance company will ask you to fill out a questionnaire that will include many questions related to your current network and existing policies for securing your data. You may need help answering the questions. A good first step would be to reach out to a qualified IT firm to perform an audit of your network and help answer these questions. If your cybersecurity policies are where they need to be, it will help lower your premiums.
Before you contact an insurance company about cyber liability insurance you will benefit from tightening up your security policies.
Protect your data. Follow the rule of 3-2-1:
Keep three (3) backups: The original and 2 copies. Keep them on two (2) types of media. Keep one (1) copy offsite.
But most importantly, you must remember to test them frequently to make sure you can retrieve your data at any time.
Remember to:
Engage cyber strategies such as End-point Protection, DNS-Layer security (DNSLS), and Multi-Factor Authentication (MFA) but most importantly enforce employee training and awareness.
These are just a few examples of tools that will help you thwart a cyber attack.
We are all aware of the cyber criminals out there, ever-present and searching for weaknesses to exploit, but perhaps even more dangerous are the unscrupulous companies that feast on fear hoping to increase their revenue at the expense of the unaware. Educate yourself about your own cybersecurity policies and the role cyber insurance plays. To fully account for the dangers, partner with an experienced cybersecurity firm that has the integrity and know-how to meet with you, provide a proper audit of your network and work with a reputable insurance company to make sure you have that extra layer of protection.