After a challenging couple of years, we anticipate what 2022 has in store for us. On the one hand, we watched as cybercriminals took advantage of every slight vulnerability. On the other hand, companies stumbled through shifting operations and procedures with more grace than some experts predicted. Unsurprisingly, cyber liability insurance became a must-have instead of an option. So, what’s on the other side of this massive digital evolution? Let’s review what we learned in 2021 and how those lessons will unfold in 2022.
Understanding the Cyber Landscape
Back when The Morris Worm unintentionally became the first Distributed Denial of Service (DDoS) attack, very few individuals imagined the threats that would soon become commonplace. Nowadays, words like “phishing” and “worms” conjure up pictures of more than a day on the lake.
Most Common Cyber Attacks
Cyber attacks impact businesses of all sizes daily, from global corporations to ten-person startups. Naturally, the cost of cyber liability insurance relies on various factors, including a company’s level of data protection. That said, here are a few of the most common attacks we see in today’s world:
- Ransomware: This malware denies the victim access to their data unless they pay a ransom fee to the attackers.
- Phishing: This attack consists of fraudulent emails, sent inconspicuously and with malicious files attached, that are intended to gain access to the victim’s device.
- Password Attack: By accessing a victim’s password, cybercriminals can gain entry to critical data and systems.
- Denial of Service (DoS) Attack: In this attack, cybercriminals flood systems and networks with traffic to overload their bandwidth so that they can’t process requests.
- Internet of Things (IoT) Attack: Hackers can gain entry through any gate and then access other devices in the network.
Most Targeted Industries
Cyber perils are the most significant concern for companies all across the world. And for a good reason. Ransomware attacks have all but haunted executives’ dreams, not to mention the threat of IT outages and other data breaches. However, some industries are hit harder than others, whether because of targeted attacks or unique vulnerabilities. According to Forbes, here’s a look at how cyberattacks played out in specific industries:
- Education and research sector up by 75%
- Healthcare sector up by 71%
- ISP/MSP up by 67%
- Communications up by 51%
- Government and military sector up by 47%
We experienced an all-time high in cyberattacks during 2021, with Q4 taking the most blows. According to BusinessToday, cyber attacks increased by 50% in 2021 compared to the previous year. Yet, we see many of the same industries continue to be prime targets, as outlined in the graph below.
Why Companies Need Cyber Liability Insurance
Cyber liability insurance protects companies from third-party lawsuits relating to electronic activities (e.g., data breaches and phishing scams). It also provides many recovery benefits, supporting data restoration and reimbursement for income lost and payroll spent.
As mentioned above, cybercriminals think little about your company’s size or developmental state. If 2021 proves anything, it’s that hackers will attack when they suspect the slightest vulnerability. Unfortunately, US data breaches average about $4.24 million, according to IBM’s 2021 Cost of a Data Breach Report, requiring companies of all sizes to consider cybersecurity a top priority.
Additionally, many directors and officers feel increased pressure to better mitigate cybersecurity risk. With remote work and hybrid schedules the “new norm,” executives now face vulnerabilities never seen before. Yet, the pressure builds to maintain best cybersecurity practices among their employees, mainly to protect the company’s digital assets.
For example, if a data breach occurs, a shareholder’s suit may hit directors and officers incredibly hard, bringing D&O insurance into play for cyber claims. Unfortunately, we expect this type of litigation to continue in the future.
EVP and Customer Success Manager Rachel Jenkins explains further, “We are starting to see more, still limited but increasing, cyber claims bleed into D&O through shareholder litigation as there is an increased fiduciary duty on the C-suite to maintain proper cyber controls through regulation and industry requirements.”
Factors Impacting Cyber Pricing
As with any other line of commercial insurance, cyber liability relies on a set of factors to dictate pricing trends. Although underwriting is becoming more automated through artificial intelligence and machine learning, the following factors impact this policy’s pricing.
- Employee training: Most successful cyberattacks occur because of human error. It only takes one exposed file or answered phishing email to cause a massive data breach. As a result, it’s vital to revamp your security training protocol. Teach your workforce how to identify and avoid cyber risks.
- System security: When the system screams at you to update, do you immediately ignore the suggestion or update? Sometimes breaches happen because of outdated software, even when the solution is in the update all along — remember the 2017 Equifax breach?
- Data collection: What kind of data does your company store? All data is not equal, so you must take the appropriate precautions according to your data collection and storage type. Companies must be cautious with financial, personal, and sensitive data.
- Loss history: Insurance underwriters use your company’s history, along with industry information, to determine your risk level. We’ve said it before; your past paints a picture of future loss exposures. Keep your loss history in mind when figuring out the right cyber liability policy for your needs.
- Location: Insurance rates often rely on a company’s location as state-level regulations and litigation can unfold quickly, impacting other businesses nationwide. For example, California-based companies must handle sensitive data according to the California Consumer Privacy Act (CCPA). Different states have similar laws and regulations that impact cyber liability costs.
Additionally, as we officially wrap up 2021, consider the results below regarding cyber renewal pricing changes:
Source: Cyber REDY Index from CRC Group
Cyber Liability Insurance Outlook for 2022
Cyber incidents have increased globally over the past few years. Plus, more companies than ever before are purchasing cyber liability policies, nearly doubling the number of policies in force from a mere five years ago. Naturally, we expect these events to impact the state of the insurance market.
Besides increasing demand, we see terms and conditions tightening, thus shrinking the supply as insurers and reinsurers reevaluate their risk appetite. Most insurers are more selective, requesting more documentation about a company’s cybersecurity practices. Underwriters want to know about employee training and awareness, not to mention new risks because of various operational changes brought about by the pandemic.
Unsurprisingly, the shifting cybersecurity landscape and new demands have caused premiums to increase. We will likely experience these elevated premium levels throughout 2022. Coinciding with higher premiums, most insurers have also decreased their coverage limits.
5 Tips to Manage Cybersecurity Risks
It probably comes as no surprise that some insurers have even considered whether specific coverages, such as ransomware, are worth covering anymore. Still, as these changes unfold, we have several tips to help you manage cybersecurity risks.
1. Know the Landscape
Dive deeply into cybersecurity so that you can follow the “keep your friends close, keep your enemies closer” philosophy. Please recognize that you might not have all the answers, and recruiting help (e.g., a managed IT service provider) might be your best bet.
Keep a watchful eye on your competitors regarding what’s ailing them cyber-wise. Have they faced an attack? If so, what type of threat was it? How did they avoid it or rebound from it? This information will give you a unique and customized look into the challenges you might face.
2. Improve Cybersecurity Culture
Data protection undoubtedly falls on the executives’ shoulders; however, the entire company must be on board with the cybersecurity culture. Employee training helps with this approach, mainly because employees are typically more willing to support cybersecurity protocols when they play a vital role.
3. Support Strong Passwords
Weak passwords caused loads of data breaches in the past year. So, along with employee training, implement a strong password program. For example, some companies require employees to change their passwords every three months or less. It’s a tiny step in the right direction that can potentially prevent a massive mishap. By setting new standards for password protection, you are also bolstering your cybersecurity company-wide.
4. Implement Software Updates
We’ve all ignored software updates, slamming through work on less than full strength. We get lucky most of the time, and hackers miss their opportunities. But it only takes one time for an entire system or network to crash, causing delays and financial headaches. We encourage you to listen to the update prompts, whether from your programs or a trusted IT professional.
5. Protect Your Assets
Lastly, as four-time Iditarod champion Martin Buser says, “You’re only as fast as your slowest dog.” Regarding all the areas of vulnerability, don’t let cybersecurity be your slowpoke. Work diligently with your commercial insurance broker to tailor a policy for your company’s needs, so your coverage keeps pace with your progress.
Remember, the world as we know it can change in a heartbeat. We’ve seen this happen in real-time. It’s best to be ready for life’s curveballs, and we’re here to help you stay on top of market trends. So, join us as we roll out our Risk Management Insights: D&O Insurance Trends each quarter.