In this second part of the blog series on the connection between cybersecurity and insurance, we dive into the role insurance plays when thinking about potential cyber-attacks.
As mentioned in part 1 of this blog series, knowing the true impact of cyber events informs decisions on investment. Impact reduction can allow leaders to choose between different insurance policies and technical controls. For those that choose to buy insurance, many have considered policies that exclusively cover cybersecurity risks. These insurance policies have gained a lot of momentum in recent years. Due to increasing threats and concerns, predictions say that the cybersecurity insurance market will grow from $7.36 billion in 2019 to $27.83 billion in 2025. That’s a CAGR of 24.30%. Evidently, insurance has changed and grown a lot from what it once was.
The Evolution of Cybersecurity Insurance
Cybersecurity insurance began in the 2000s. These early policies had a very small coverage scope and a lengthy due diligence process. However, these policies and processes evolved as the threat landscape changed. With more cyber threats, fewer questions were asked, and the due diligence process shortened. This left brokers more focused on increasing transactions. Often, they did not have a full understanding of the potential impacts.
As more cyber events were realized, insureds began to discover that the clauses and exclusions within their insurance left them uncovered. This led to contentious court battles between insureds and their insurance companies and delayed the collection of coverage.
2020, The First Year Insurance Companies Lose Money
A large change for the insurance industry came in 2020. With a large number of ransomware attacks, this past year could be the first year insurance companies lose money to these cyber incidents. As mentioned in our 50 Ways to Stay Secure Working Remotely webinar, there was a 715% year-over-year increase in ransomware attempts alone. Remote work, remote learning and the overall increase in technology reliance are not going anywhere. Many insurance companies may be rethinking their policies and possibly restructuring them. Additionally, some may even consider leaving the cybersecurity insurance market or reducing their coverage.
Considering Your Entire Insurance Portfolio, Beyond Cyber Policies
With nuanced exclusions and clauses, there has been a lot of confusion around coverage. Because cyber-attacks often result in losses to an organization that’s covered by traditional insurance policies, those policies must be considered as well. For example, a cyber-attack that leads to physical destruction such as property damage may involve a property insurance policy. Other traditional policies that could possibly be impacted by cyber-attacks include general liability, D&O and more. The language within these policies is often vague and open to debate when it comes to losses endured from a digital attack. It’s important to stress test these policies against possible cybersecurity scenarios to understand coverage. Knowing the gaps and limitations within your policies can inform decisions on how to improve your cyber risk management.
In summary, organizations should keep these considerations in mind:
- Defensive controls cannot prevent all cyber-attacks
- Clauses and exclusions within your policies can leave you uncovered
- Significant cyber events may impact traditional insurance policies
- You must consider your entire portfolio when assessing cyber-readiness
Navigating Through Uncertainty with Axio360
Axio360 shines a path through the fog of cyber event uncertainties. With Axio360 you can obtain transparent, quantified risk information that can be aligned with your insurance portfolios. Our platform makes sense of all your insurance policies with a simple upload. With Axio360 it’s possible to bridge insurance with quantification. This way users can easily determine the gaps in their policy and develop plans to address vulnerabilities.
For a limited time until January 31st, 2021, upload your insurance policy and get a free policy review.
Stay tuned for the next post of the series as we dive into how you can use Axio360 to bridge quantification and insurance.
*** This is a Security Bloggers Network syndicated blog from Axio authored by Axio. Read the original post at: https://axio.com/insights/considering-insurance-in-the-cybersecurity-equation/