An organisation’s capacity to manage and contain cyber risk has become a commercial imperative. Whether it’s a major outage or a data breach, the potential financial and reputational losses from a cyber event can be devastating.
Dedicated cyber insurance can form a key part of an organisation’s response to managing cyber risk, but evaluating, mitigating and transferring cyber risk is not a tick-box exercise.
The Sunday Times recently reported a 64% increase in cyber insurance premiums, which will no doubt raise eyebrows among executives who think the cost hike is high. Those who have been subject to a cyber-attack may be less surprised. Indeed, for those having to claim on cyber insurance, the impact of rising premiums and future cover is a significant cost and results in difficult decisions for the business, forcing spending to be scaled back in other areas.
The Government’s The State of Security 2023 report says that “despite new strategies and better cross-organisation partnerships, security teams face significant challenges. The bad guys aren’t slowing down, either. Globally, our research found more incidents, longer dwell times and business-impacting damage.”
It is common knowledge that cyber-attacks are here to stay and have always been on the increase. Digital Risk Experts recently worked with a renowned and very well-known corporate name that came under attack from one simple phishing email. The employee thought the email had come from IT asking them to change their login details and, boom, the attackers were in. They managed to stay for 6 months, scrutinising the business from many different global locations to monitor the financial transactions and, ultimately, facilitate a theft.
The fallout was colossal. The fraud that enabled the attackers to steal a large amount of money was really the tip of the iceberg. The cost of responding to the fraud was significant, as was the time spent by Senior Executives reassuring their Board, their employees and customers. The Board instructed a cultural change, to be reflected in people and process through the improvement of IT Security and Data Protection and the closing of working silos between inter-disciplinary teams such as legal and IT. Their third-party IT provider had a role to play too - was the business getting all they were paying for from their third-party cloud provider, in particular as it related to system security? Legal also needed to consider whether to notify the ICO and determine whether it was a formal data breach or a cyber-attack. Their insurance company were instrumental in helping them recover some of their losses.
When cyber insurance became available, as a relatively new insurance product, underwriters had little data on which to base their assessment of risk. As the market has developed and more and more accurate and historical data has become available, underwriters have become better informed about the very real threat of attack and have responded by increasing insurance premiums. Marsh recently reported that premiums increased by up to 66% in the third quarter of 2022 compared to the previous year.
Now that underwriters have more data about the frequency and nature of attacks, they are asking more searching questions of a business to ensure appropriate cover. Businesses should be proactive and ensure they have robust procedures and protections in place to reduce the risk of any attack. As working from home proliferated as a result of Covid-19, a further possible line of attack became apparent, and businesses must respond by taking steps to protect the business, such as strict password policies and two-factor authentication; reducing the amount of data being accessed, stored and transferred by employees; and encrypting sensitive data and personally identifiable information.
Other ways to demonstrate a robust defence to an insurer could be to perform regular security maturity assessments to identify potential weaknesses and to be able to demonstrate a strong incident response plan in the event of an attack. It is anticipated that those businesses that can demonstrate good cyber-attack controls may benefit from price stability or reductions moving forward, as competition in the insurance market increases with more insurers moving to cyber cover.
No business wants to be in a position where their budget demands a decision being taken between improving cyber security and minimising the risk of attack, versus spending on comprehensive cyber insurance that will cover the business in the inevitable event of an attack. Prevention is always preferable to avoid loss of reputation and maintain business continuity. It is also vital for a business to be able to demonstrate to Regulators that steps are being taken to minimise risk and comply with legal requirements.
The State of Security Report 2023 says that Data is the answer: 91% of respondents agree that better capture and analysis of detection data is one of the most effective tools to prevent successful ransomware attacks. The question is how do organisations do that?
Digital Risk Experts can help your business by conducting a comprehensive Efficiency, Compliance and Security (ECS) Assessment to identify potential weaknesses and recommend appropriate remedial action. This will allow any business to demonstrate to Insurers that steps are being taken to minimise risk and result in reduced insurance premiums.