Can you imagine having all of your company’s data stolen and held for ransom? It sounds like a scene in a movie, but unfortunately it’s a very real nightmare that businesses of all sizes experience every day.
The FBI’s Internet Crime Complaint Center (IC3) received 3,729 complaints of ransomware in 2021, with adjusted losses of $49.2 million. This likely only represents a fraction of the actual ransomware attacks, since not all attacks are reported.
The Cybersecurity & Infrastructure Security Agency (CISA) warned that 2021 trends indicate an increased globalized ransomware threat. Many hackers have started focusing their attention on midsized victims and using additional methods to extort money from their targets, such as threatening to release stolen data.
Data from other sources shows cyber risks have continued to increase since 2021. Check Point says global cyberattacks increased by 28% in the third quarter of 2022 compared to the same period in 2021. This is clearly a problem that’s not going away.
Your Business Needs a Cyber Response Plan
Cyberattacks are taking a major toll on both businesses and insurers.
Sophos found that 66% of organizations had been hit by ransomware in the last year. The average ransom demand was $812,360, but the average cost to remediate an attack was $1.4 million. It takes businesses an average of one month to recover. Paying the ransom doesn’t necessarily ensure a smooth recovery, either: 46% of victims paid the ransom, but only 4% of those who paid received all their data back.
If your company experiences a ransomware attack, the affected data might be gone forever. This is why you need segregated backups that a ransomware attack won’t touch. Having backups doesn’t mean you don’t have anything to worry about, though. Hackers may sell your data and, if the attack involves personally identifiable data, you’ll likely have to comply with state data breach notification laws.
Cyberattacks are disruptive and expensive. They’re also incredibly common. For this reason, businesses need a cyber response plan as well as cyber insurance. An experienced cyber team can help you when a crisis happens by negotiating the ransom and advising you on the most effective and compliant strategies.
Cyber Insurance Rate Hikes
As cyber exposures increase, cyber insurance premiums keep rising. The Council of Insurance Agents & Brokers (CIAB) shows that cyber premiums increased somewhat in 2020, with a 4.4% increase in first quarter and a 7.7% increase in the third quarter. Then 2021 brought steeper hikes, with a 25.5% increase in the second quarter and a massive 34.3% increase in the fourth quarter. In the third quarter of 2022, premiums increased 20.3%.
The main cause of these premium hikes is clear: cyberattacks are driving demand and claims, pushing prices upward. In CIAB’s Q2 2022 P/C Market Survey, 85% of respondents reported an increase in demand for cyber and 64% reported an increase in cyber claims.
Cyber Insurance Is Still Critical
With the recent surge in cyber premiums, some business leaders may be wondering whether cyber insurance is worthwhile. It is.
Due to limits and exclusions, property, general liability, and even crime insurance policies often don’t provide adequate coverage for ransomware attacks and other cyber risks. If you don’t have cyber insurance, you could end up having to pay the costs and navigate the situation on your own.
Control Your Cyber Insurance Costs
Cyber insurance rates are high, but there are tactics you can use to control your costs:
- Level up your cybersecurity practices. Improving your cybersecurity can help you control costs in two ways. First, when you apply for cyber coverage, the insurance company will want to see evidence of strong security practices. If you have top-notch controls in place, you may be able obtain better rates. If you don’t have strong cybersecurity practices, you might not be approved for any coverage. Second, strong cybersecurity practices can decrease the chance of a successful cyberattack against your company.
- Consider accepting a larger deductible or retention. When you choose a higher deductible, you’re accepting a larger share of the risk. As the insurer is taking on less risk, you’ll pay a smaller premium. Choosing a higher deductible can be a good way to lower your premium costs, especially if you’re implementing strong risk management strategies that will reduce your risk of a claim. While you’re accepting more risk, you’re also limiting your company’s exposure to a catastrophic loss, and as an insured company, you’ll have access to risk management resources to prevent attacks as well as expert guidance to help you respond and recover in the event of a hack, ransomware situation or data breach. Your insurance may also help with your defense if you are sued.
Do you need guidance on cyber risk management strategies? The Heffernan Insurance Brokers team is here to help. We have extensive experience in navigating cyber exposures, and we can help you structure a policy that fits your budget. Learn more.