10 Cybersecurity Insurance Trends
When talking about cybersecurity insurance, there’s plenty the public doesn’t know. Cybersecurity (data breach) insurance is a relatively new concept whose importance has escalated with the massive upswing in ransomware attacks in 2021, most notably the significant attack against Colonial Pipeline. With companies of all shapes and sizes vulnerable to a crippling breach, it seems like cybersecurity insurance is there to “cover the inevitable” … But is that true?
Let’s talk about the biggest developments in cybersecurity insurance, and what you need to know now and into the future. Here are 10 of the largest trends in cybersecurity insurance for 2022.
1. An increase in demand for cybersecurity insurance
Let’s just say the cybersecurity insurance industry isn’t going anywhere. Cyber-insurance is expected to become a $20 billion market by 2025. This trend is primarily driven by the increase in the number of ransomware gangs, the success of their campaigns, and the absence of consistent security controls and data protections in the enterprise. As a result, businesses are turning to cyber-insurance for business continuity.
2. Insurance premiums see increases of 30-50%
One reason for this increase is simple supply and demand economics. Due to this recent cyber attack surge, organizations are breaking the doors down on insurance providers to get covered. In addition, insurance carriers have had more time to gauge the true cost of ransomware and other insurance payouts — and they’re becoming more and more expensive. These two factors have rates going through the roof, and experts don’t project them to slow down anytime soon.
3. Cybersecurity insurance will stop covering ransomware payments
Instead, cybersecurity insurance may only cover damages and recovery costs. In one case, a claim was denied on the basis that the insurer doesn’t cover damages caused by war. This move aligns with an industry-wide shift, with security experts recommending that organizations resist the urge to pay the ransoms demanded by adversaries.
4. Government regulators will continue telling cybersecurity insurance providers to stop making ransomware payments
To expand on the shift away from paying ransoms: not paying, no matter the loss, is an approach being pushed from the top down. It is driven primarily by the massive ransomware payout headlines, headlines that reinforce extortion tactics and send dangerous signals to other adversaries looking for a payday.
5. Many organizations will not qualify for cybersecurity insurance due to their lack of preventative strategies and management
Cybersecurity insurance is not a band-aid you can slap on as a fix for a weak security posture. In order to be covered against a breach, many providers now require proof of your current preventative measures.
6. Risk management maturity will become the qualification and gauge for coverage
Much like other insurance types, if you want better rates you need to show providers you’re less at risk than other clients (organizations). Platforms like PlexTrac are a great tracking tool to report on the improvements you’ve made to your security posture over time.
7. Cybersecurity insurance providers will partner with cyber risk quantification (CRQ) companies to better understand risk
Many insurance providers are partnering with CRQ companies in order to better understand the security posture — and with that, the potential risk — of new clients. This trend is a response to a customer-qualification process that was weak and typically included no real validation or follow-up.
8. Cybersecurity insurance will become a requirement to purchase third-party products or form partnerships
While cross-organizational partnerships and product purchases have always required thorough vetting, many organizations will soon require cybersecurity insurance for third-party partnerships. This trend only emphasizes the need to get covered… Fast!
9. Attackers are targeting insurance providers to learn more about their clients
Clients are not the only ones seeing increases in attack numbers… Cybersecurity insurance providers have become a popular target for advanced persistent threat (APT) groups and other adversaries looking to gather lists of clients and valuable insights about payout limits, risk values, and more.
10. Cybersecurity insurance providers will become more involved in incident response (IR)
In order to keep an eye on their exposure, insurance providers are more involved than ever in clients’ incident response teams and plans. Many carriers are building specific IR steps and pre-approved vendors into their policies. Here’s an example of what that process typically looks like.
After an organization suffers a suspected breach or ransomware attack and informs its insurance carrier, the carrier may provide the organization with a breach coach, who then brings in a pre-approved incident response vendor for containment and forensic investigations. They may also provide a negotiator to work with the attacker in an attempt to minimize the payout and any further damages.