Cyber threats continue to be one of the most significant risks businesses face. From innovative tech companies to traditional business models, all businesses could be at risk of hacking, phishing, and devastating data breaches. As such, cyber liability coverage continues to be a necessity for most companies.
While it may feel redundant to review cyber liability – after all, you probably purchased a cyber policy within the past couple of years – it’s essential to look at the current trends in cyber insurance to protect your business best.
In our annual cyber insurance trends report, we’ll look at the current cyber liability insurance market, upcoming cybersecurity trends for 2023, and what we see in cyber insurance pricing.
Cyber Insurance Market Update
The cyber insurance market is constantly in flux, thanks to the ever-evolving threats from hackers and other cybercriminals. To be able to offer the liability protection businesses need, the cyber insurance industry must reevaluate its offerings and the current threats regularly.
Let’s dive into what happened in 2022 and where things stand in the cyber insurance market 2023, including the most common cyber attacks from the last year, recent cybersecurity trends, and the industries most likely to face a cyber threat.
Common Cyber Attacks
Cyber attacks affect nearly every business, but factors like the number of employees or annual revenue can change how and when an attack hits. According to the University of San Diego, these are some of the most prevalent cyber attacks:
- Phishing: Phishing is one of the “original” cyber attacks. It uses fake emails and documents to lure unsuspecting recipients into clicking on harmful links and giving hackers access to sensitive information. While more employees can spot phishing emails, hackers have become more sophisticated in their attempts, going above and beyond to make an email or compromised document look legitimate.
- Ransomware: Ransomware uses malware and viruses to invade a company’s software systems. Once the attackers have control of the company’s data or systems, they demand a ransom to return access to the company.
- Cryptojacking: This is a newer style of cyber attack that involves attackers using phishing and other methods, such as physical password stealing, to gain access to a company’s network. The attackers then mine cryptocurrencies on the stolen computers and networks, which requires a vast amount of computing power. The victims usually experience technology downtime and lose computer performance.
- Internet of Things (IoT) Attacks: As more products connect to the internet, from laptops to household appliances, the risk of cyberattacks increases. In an IoT attack, cybercriminals use the least secure IoT-connected devices as gates to enter a company’s data network and computer systems.
Cyber Trends of 2022
Last year we witnessed a continued rise in cyber threats and attacks. Also, more companies implemented cybersecurity processes to help protect them from threats. Many companies used cybersecurity best practices to manage risk (and potentially lower their cyber liability insurance costs), including:
- Employee training
- Updated software and hardware
- Multi-Factor authentication
- Security Audits
- Insurance audits
- Company-wide security processes and procedures
In addition to updating best practices, the cybersecurity industry experienced a few notable shake-ups that could affect cyber insurance, such as:
- C-Suite Liability: Directors and officers are being held liable for data breaches and other cybersecurity issues.
- Nation-State Sponsored Hacking: The Russian war on Ukraine opened the possibility of governments using cyber threats and attacks as an act of war, such as hacking a power grid to remove electricity from citizens.
- California Privacy Rights Act (CPRA): California’s Privacy Rights Act went into effect at the beginning of 2023. Businesses in violation of the act could face civil penalties and private legal action from consumers.
Industries with the Most Cyberattacks
While a cyberattack could affect any business or industry, it’s no secret that some industries receive more threats than others. According to data from Statista, the Manufacturing industry saw the highest percentage of cyberattacks worldwide, with the Finance and Insurance industry the next most targeted:
- Manufacturing: 24.8%
- Finance and Insurance: 18.9%
- Professional, Business, and Consumer Services: 14.6%
- Energy: 10.7%
- Retail and Wholesale: 8.7%
- Education: 7.3%
- Healthcare: 5.8%
- Government: 4.8%
- Transportation: 3.9%
- Media and Telecom: 0.5%
How Cyber Liability Benefits All-Sized Companies
It’s typical for criminals to be opportunistic, and cyberattackers are no exception. It’s no surprise that attackers can target businesses of any size and may even target more than one business at once. Additionally, cybercriminals have formed organized crime rings, making it easier to target any company with weak spots in their cybersecurity protocols.
Adding cyber liability insurance to your company’s cyber risk management plan helps protect your business from the financial fallout of a cyberattack. Cyber liability coverage is an insurance policy that kicks in after a cyberattack. Similar to how a commercial property insurance policy helps your business cover the costs of physical losses, cyber liability coverage enables you to recover from the loss after a cyberattack.
For example, suppose your company’s databases are breached in a phishing attack. Your cyber insurance could help cover the cost of recovering the data, notifying customers of the breach, and hiring a PR firm to help manage your company’s reputation after the attack.
Generally, cyber liability policies include four main coverage types:
- Loss of electronic data
- Loss of income
- Cyber extortion losses
- Notification cost and reputation management
The specific coverage of cyber insurance varies between policies. You can often customize your cyber coverage to fit the needs of your business. For example, if your business stores customers’ personal data, you may want your cyber insurance to include credit monitoring services for customers after a breach.
Cyber Liability Claim Example
We can better understand the risk of cyber threats and the benefits of cyber liability coverage by looking at a typical example of a cyber claim. With the average cost of a data breach expected to reach $5 million this year, companies must make time for cybersecurity. Yet, human errors still exist and sometimes can cause catastrophic effects for a business.
For example, an employee in the accounting department gets a sophisticated phishing email from what looks like a customer’s bank. A few telltale signs of phishing – such as misspelled words, poor grammar, or questionable email domains – lead the employee to assume the message is authentic.
Unfortunately, the employee downloaded the attached files from the email, exposing the entire network system to a ransomware attack. The ransomware exposes customer data and causes the company to lose control of its databases and computing systems.
Although the company was able to recover the data, the cost was over $2 million. Additionally, the customer must notify over 300,000 customers that their data was exposed in a breach, leading to decreased customer trust and the need to hire a reputation management firm.
Luckily, the company protected its business with cyber liability insurance, which covers the cost of recovering the data from the attackers, notifying government agencies and customers of the breach, and managing its reputation.
Factors Impacting Cyber Insurance Pricing
There’s no one-size-fits-all for cyber insurance, so cyber pricing will vary between businesses. The amount your company might pay for cyber liability coverage depends on several factors, such as:
- Data Collection and Type: A company that collects and stores personal data, primarily financial or other sensitive data, will face more scrutiny to protect said data. Cyber pricing could be higher for these companies than those that don’t store sensitive data.
- Location: As with most types of insurance, your location will play a role in insurance costs. Regarding cyber insurance, underwriters are looking closely at state and local regulations regarding data and privacy.
- Industry: As mentioned earlier, specific industries are at higher risk for an attack than others. If you’re in an industry more likely to face an attack, you may pay more for cyber coverage.
- System Security: Companies with the latest security updates and protections could see lower cyber insurance pricing. On the other hand, a company that uses outdated or at-risk systems could pay more for coverage.
- Loss History: Your location, claims, and loss history can affect your insurance rates and needs. Underwriters carefully consider loss history – and any changes you made after a loss – to understand the risk your business faces better.
- Revenue: The more income you have, the more you stand to lose in a cyberattack. Based on revenue, larger companies will likely need more coverage than smaller businesses.
- Customer and Employee Numbers: A data breach is a significant problem for any business, but a larger company will likely have more data on customers and employees. Your risks in a data breach increase with each new customer or employee whose data you collect or store.
Cyber Insurance Outlook for 2023
Cyber insurance underwriters expect cyber risks to increase in 2023, meaning cyber insurance is more critical than ever. And with proposed regulations from the SEC on the reporting and handling of cyberattacks, businesses must prepare now to face future cyber issues.
One of the biggest concerns around the SEC’s proposed rules is the expansion of liability. A business without a robust cybersecurity strategy, including expansive procedures for assessing and managing a data breach, could face directors and officers (D&O) litigation in addition to cyber troubles.
This increased pressure on C-suite liability could benefit businesses where not all stakeholders were on board with cyber coverage. More executives may find value in adding cyber coverage as more litigation comes out against C-suite-level employees for cyber issues.
Fortunately, preparing for the SEC rules and addressing C-suite liability can help companies lower their cyber insurance costs. Increasing your cybersecurity controls and procedures reduces your company’s risk of a data breach or successful cyber attack.
Companies with less risk generally receive better insurance rates than those who are higher risk. In addition to adding controls to your cybersecurity plan, you can secure the best rates by helping underwriters understand what you’re doing to prevent cybersecurity threats.
For example, you can provide your insurance agent or broker with a detailed outline of your cybersecurity strategy and protocols, including your plans to mitigate data loss.
However, underwriters note that even as more businesses look to add cyber liability to their risk management plans, finding coverage isn’t always easy. Some companies are using captive insurance to get around the difficulty of traditional insurance underwriting. Larger businesses — specifically those with an existing captive program — may find this to be an appealing alternative to traditional cyber liability coverage.
Conversely, smaller businesses or those without an existing captive insurance program in place may not be able to set up a captive plan for cybersecurity insurance alone. The good news for these businesses is the expansion of cyber capacity from traditional insurance carriers continues to increase.
5 Tips to Manage Cybersecurity Risks
We know that cyber threats aren’t going away anytime soon. In fact, cybersecurity issues will likely continue to rise along with the use of new technologies. While cyber insurance is an important part of a cybersecurity plan, it shouldn’t be your first line of defense against cyber threats. Use these five tips in addition to cyber insurance to help lower your cyber risks:
1. Employee Education and Training
Over 85% of cyber incidents are the result of human error. From clicking on phishing emails to accidentally sending sensitive data unencrypted, employees pose a major cybersecurity risk. However, employees are also the most essential aspect of a business. Adding employee training and cybersecurity education can help reduce the risk of human error. This approach could include training on creating strong passwords, avoiding suspicious downloads, and educating employees on current trends and threats in cybersecurity.
2. Secure Networks
In the office, it’s easy for employers to secure networks and internet connections. However, with many employees working remotely, employers may have less control over the network an employee uses. For example, incorporating a virtual private network (VPN) gives employees a secure way to connect with company data and systems over unsecured networks.
3. Audit Regularly
From your cybersecurity strategy to vendor security, auditing your cybersecurity systems will help lower your risks. This might include sending fake phishing emails to test employee responses. Or, you may need to go through your cloud storage providers like Good Drive or Dropbox to see where data is being stored and who has access to that information. If you find a weak link in your cybersecurity systems, address it head-on to close the risk.
4. Update Security Features
Technology has a way of constantly evolving. And while those near-constant reminders to update software or download security fixes may be annoying, they’re important to protecting your business from cyber risks. Keeping your security and software systems up-to-date is one of the best ways to prevent an unexpected cyber attack.
5. Implement Multi-Factor Authentication
Introducing new security measures is one of the easiest ways to improve your cybersecurity. Multi-factor authentication (MFA) uses a two-or-more-step process to access restricted content or data. For example, a two-factor authentication system may require employees to log in using their username and password. After inputting the correct password, the employee must open an app on their mobile device and enter a short-term security code. This extra step could significantly reduce the risk of hackers accessing company systems.
Understanding the details of what cyber coverage your company needs can be confusing. Founder Shield specializes in knowing the risks high-growth companies face to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you.