Ransomware attacks are on the rise and cyber insurance is becoming more and more of a necessity every day. Organizations that find themselves with poor cyber hygiene AND no ransomware insurance are asking to be attacked. It’s a perfect storm for threat actors.
To protect your organization you should:
Typically ransomware coverage has been included within more generalized cyber policies. As time goes on though, stand-alone cyber policies that cover ransomware are becoming more readily available.
Here’s the catch: protecting against one potential cyber-attack type is hardly “comprehensive” coverage and could be easily exploited.
Many organizations are turning to kidnap and ransom policies for coverage. These kidnap and ransom policies are meant to be used to protect executives, not protect from ransomware. These policies were not designed with ransomware in mind. That means that payouts tend to be lower and the coverage is less comprehensive.
The right move is to get a comprehensive cyber policy that protects your organization across the board. Skip the gimmicks; they're not worth the risk.
The answer is invariably yes.
Insurance costs can be difficult to swallow. The alternative if you experience a cyber attack is not pretty.
Just ponder this:
Can you think of any other business risk that you have no control over, that could completely lock down your operations and permanently close your doors in just a couple weeks?
There are very few risks that large. A cyber-attack event is one.
So now the question is: how much does it cost? What should I look for in my cyber insurance policy? What can I do to reduce my risk?
Let’s break it down.
The national average cost for cyber insurance in 2019 was $1,485 per year in the U.S. This number is highly variable depending on several factors, the key ones being the nature and size of your business. Obviously, if you handle insurance for an organization of 1000 people, your cost isn’t going to be $1,485 a year.
Insider Insight: Cyber insurance companies have found themselves paying out huge amounts to attackers over the past 12 months. As a result, premiums on cyber insurance are rising rapidly. Many estimate premiums on cyber insurance will increase by a minimum of 1.5x up to 4x when your organization goes to renew its cyber insurance. Insurance companies don't like losing money, and this is their solution.
So if you have a company with annual revenue of $1mm, with a $10,000 deductible and liability limits of $1mm you can expect to pay around $1500-$2500/year on a cyber insurance policy.
Important note: cyber insurance isn't standardized, so your organization should review all policy language with a broker before making a decision. Unfortunately, policies can vary significantly in the language used and their policy options. At minimum, it is recommended to find a policy that provides coverage for extortion demands/payments and covers lost income as a result of an attack.
You should look for policies that use broad terminology and those that protect against a wide range of threats. Look out especially for the following:
Cyber insurance policies and premiums will vary highly depending on the nature of your business. They depend especially on whether you store sensitive records, what types of risk management policies you have in place, and several other factors.
This means that the only way to find the best policy for your organization is to work with a broker. It's important to remember that insurance companies are businesses and they expect to make a profit. In 2021/2022 most insurance providers will no longer provide coverage unless you follow basic risk management procedures. This means doing things like implementing multi-factor authentication and training your employees on cyber risks.
Mitigating cyber risk is much like mitigating financial risk in your organization. Think about who has access to your computer-based operations and why. The largest vulnerability for your organization is the people within it. The majority of cyber events start as a result of human error.
Managing cyber risks is a continuous battle. Cyber-criminals are always finding new ways to attack companies. This means that to maintain protection (and compliance) you need to continuously test and assess your company's risk management policies. What worked a year ago may no longer be effective. We tell our clients that managing cyber risk, especially for those in high-risk industries, should be considered an operations expense. To maintain operations you must continuously assess, track, and mitigate cyber risks.
Wondering where to start? A good place to kick this process off is with a cyber security assessment of your business.
We get it, it’s hardly exciting and can often leave our clients feeling frustrated. That’s why we recommend working with an agency that specializes in managing these things. At Techfive, that is what we do.
The way I explain what we do to our new clients is that we are managed service partners built for the modern world with a security-first mentality baked into every step of our processes.
We can help you handle compliance, cyber risk management, work-from-home tech and so much more.
If you would like to know more, feel free to schedule a free 30-minute discovery call with us by clicking here.
Marketing Manager @ Techfive | Working to make B2B brands more personable & human.
2022 Techfive, LLC.