The effects of a successful ransomware attack are, unfortunately, devastating. Affected companies can expect negative financial impacts, including lost sales and severely hampered productivity due to downtime, reputational and credibility hits in the marketplace and with clients, along with the likelihood of increased cyber insurance fees. We also seeing that 80% of companies hit by ransomware are targeted for subsequent attacks! Yes, the impact of a successful ransomware attack has spread its wings and impacts your insurance premiums.
Cybersecurity insurance is similar to other forms of insurance that you are likely familiar with, such as car insurance. The insurance protects you in the event of an incident. In the case of cybersecurity insurance, the incident could be a data breach, interruption in business, network damage, and in some cases payment of a ransomware demand. In other words, if your business experiences a ransomware attack and decides to pay the ransom, your cybersecurity insurance may reimburse the business for the ransom, or a portion of it. But, it’s no longer that simple.
In 2020, cybercriminals took advantage of the mass switch to a work-from-home environment. And, as a result, ransomware attacks increased. And by increased, we mean a 600% increase. In addition to the number of attacks, the ransom amounts hackers demanded also doubled in 2021. The highest demand was roughly $30 million – the previous peak was $15 million (yep, double!). The combination of more attacks with a higher ransom has been wreaking havoc on the cyber insurance industry. And, their response has largely been to increase their premiums. In some cases, organizations are noticing a 50-100% increase in cyber insurance premiums.
But, an increase in premiums is not the only potential change. Some insurance companies are exploring ransomware sub-limits, the need for co-insurance, and increasing premiums for organizations that do not implement cybersecurity measures at the company level. In other words, they may not insure you at all, or you’ll be paying a heck of a lot if your business doesn’t implement appropriate cybersecurity procedures. And, while a lower insurance premium may be nice, the bigger benefit of implementing cybersecurity procedures is more effectively protecting your organization – a bit of a win, win scenario.
Cybersecurity Measures To Implement
- Enable company-wide multi-factor authentication. If it has an account or a login/password, implement multi-factor authentication.
- Have a backup system in place and regularly backup important data and files. Ideally, have the backup stored remotely, and offline.
- Discuss phishing scams at length with your team. Implement cybersecurity awareness training for your company. A single click on a bad link can cause a horrible chain of events for an organization.
- Patch and update systems when needed. Do not wait on these.
- Close open ports. Open ports make it easy for cybercriminals to access data.
- Limit the number of employees that have administrative access to sensitive data. Know who these employees are, and periodically review whether or not they still need access.
- Make cybersecurity a priority for management, and cultivate a cyber-minded culture.
- Work with cybersecurity specialists – either employ a team, or work with a trusted, outsourced organization.
- Use next generation EDR (replace older antivirus software with newer Endpoint Detection and Response technologies).
Implementing a basic level of cybersecurity measures can help protect your company and can also be a benefit when it comes to cyber insurance. To learn more about the current state of Cyber Insurance, watch our latest webinar. If you are in need of cyber insurance or would like a review of your current policy, contact us for a free review of your Insurance Policy.
And, if you’re not sure where to start, or would like to really amp up your cybersecurity defenses, consider requesting a risk assessment. Our risk assessment includes a full network security audit that determines if there are any risks or vulnerabilities that could leave your company open to attacks. Definitely worth your time, and could help you keep your cyber insurance premiums down too!