Cybersecurity Insurance in 2021 has been harder and considerably more expensive to get than in years prior.
There have been three significant changes to cyber attack insurance in 2021:
- Premiums are higher than ever.
- It’s more difficult for companies to be insured.
- National governments are advising against paying certain ransoms under threat of punishment.
Ransomware Insurance premiums are higher than ever
There has been a 500% increase in cyber claims in 2021 compared to 2020. In response, carriers have increased their premiums by about 75%, but some have increased it by 1000%.
$1M of coverage was about $2500/year pre-2021. In 2021, it’s risen to $3500 or more.
Threat actors are demanding more and more in ransom over the years. They’re now requesting multimillion dollar amounts where previously they were only asking for tens of thousands of the dollars.
Why are threat-actors asking for more? Because they’ve asked for ransoms before and they’ve gotten it. They realize that people are paying, so they just keep pushing up the price to see what they can get.
Because of the increase in frequency and the increase in cost, cyber insurance companies are bleeding. They have raised premiums and are making it more difficult for companies to be insured than ever before.
Ability to be get cyber liability insurance is more difficult than ever
Insurers have also tightened the requirements for insurance. If certain precautionary steps are not taken and maintained, an insurance company can refuse to payout the terms of the claim. Or they may ask the policyholder to front the ransom, requiring a small- or medium-sized company to potentially have a million and some change available to pay the hackers before the insurance company reimburses them.
To help pick the best cyber insurance policy for your company and uphold the terms of your insurance, it’s important to have a competent IT department. They can also help protect your company from cyber attacks. But even the best IT department cannot guarantee you will never be hacked; so cyber insurance is a must.
Security controls needed to be insurable are minimally using Multi Factor Authentication (MFA) for email and remote access, but the requirements have been increasing greatly and different per carrier. Additional requirements including advanced protection against your email domain from being spoofed, intrusion detection systems, AV, backups, disaster recovery, 3rd party audits and penetration testing, encryption of critical data.
Paying ransom to hackers could be illegal
It doesn’t seem like it should be legal to pay threat actors online, and the topic has been much discussed recently as ransom prices go up and cybercriminal groups or state-sponsored hackers get more bold.
In October 2020, the U.S. The Treasury Department’s Office of Foreign Assets Control (OFAC) warned against making ransomware payments to a list of cybercriminal groups or state-sponsored hackers. If a privately-own company is found to have violated international sanctions, a company could be paying twice: once to the hacker and again to the rule of law.
This recent restriction on ransom payments potentially puts attacked companies at a disadvantage and reroutes their path to repair and recovery.
Having cyber insurance gets a company quick access to a knowledgeable legal team who will best-know how to navigate such potential pitfalls.
For full service IT support, contact XL.net today
IT services can help reduce your risk by up to 80%.
Small- to medium-sized businesses often make the mistake of thinking they are too small to be hacked, but that’s simply not true. They are frequently targeted and often have much more risk than big companies since the effects of a security breach tend to be more damaging. Plus, outside hackers aren’t the only threat to a business — human error is another big concern.
As a trusted cybersecurity services company in Chicago, XL.net can help with all of these issues and more. We provide comprehensive cybersecurity solutions to SMBs as part of our managed IT and technology alignment services.
Contact us today to get started assessing your cyber security.