As insurance professionals, we always talk to our clients about the need for Cyber Liability insurance. News about the rise in ransomware, business email compromise (BEC), data breaches, and other sophisticated cyberattacks is continuously front and center.
A cyberattack or network interruption can be devastating for an organization. Concerns about financial liability from the massive databases an organization holds include significant judgments in potential client lawsuits, fines from regulatory agencies, and ransoms extracted by those wielding ransomware against an organization.
According to a 2022 NetDiligence report, which reviewed claims costs of small to midsize enterprises (SMEs) from 2017 to 2021, the average cost of legal/regulatory services was $82,000. The average cost for crisis services (breach coach counsel, forensics, notification, credit/ID monitoring, and PR) was $110,000. The average ransomware amount was $262,000; ransomware is the leading cause of cyber loss for SMEs. Business interruption claim costs were at $340,000.
As a result of the frequency of cyber claims and the rise in related costs, insurers have implemented much stricter underwriting requirements, including making cybersecurity protocols mandatory. It’s not only our clients who have to work toward cyber resiliency – our industry must do so as well.
Cybersecurity in the insurance industry is as necessary as in other sectors. Criminals use the same cyberattacks and techniques to find information they can sell or hold hostage for money. However, the insurance industry is unique because it consumes, stores, and transmits vast amounts of client information. It is a big data industry, and much of that data contains sensitive personal information ready to be compromised, held for ransom, and sold.
Time for Cyber Readiness, Digital Fitness
Following are cybersecurity measures you can implement at your agency and share with your clients.
- Perform an assessment that probes the business impact of loss scenarios. Identify gaps and vulnerabilities within each scenario and close those gaps.
- Design procedures and training to prevent harm to critical assets and to help employees be vigilant about potential cyberattacks.
- Put the proper mechanisms in place to detect a cyber threat before an incident happens.
- Keep data protection and security software solutions updated regularly to prevent threat actors from gaining access through unpatched or vulnerable systems.
- In the event of a cybersecurity incident, review what procedures are in place to prevent the spread of the attack without affecting critical business operations. For example, can you identify the infected data sources (devices and servers) and isolate them so that the infection does not go beyond the already affected hardware?
- Have an incident response plan detailing different teams’ responsibilities when there is an attack.
- Implement the proper automation tools and services to get back on track after an event. In addition, have a mechanism in place to recover lost data (backups).
- Continually test protocols to ensure effectiveness and evolve in an ever-changing digital environment.
Invest the time and money to protect your systems and data.
*Contact a Cyber Security Expert before making any changes