As we enter into the new year, cybersecurity has likely been on the mind of many executives, and for a good reason too. In the modern world, consumers expect companies to protect them. Here’s what you need to know about cyber insurance trends going into 2020.
What Are the Most Common Cyberattacks?
With cyberattacks steadily increasing over the past several years, 2019 was another high-risk year for many industries. Whether it’s tricking a computer or playing into human vulnerabilities, here are a few of the most common cyberattacks both in 2019 and overall:
When a cybercriminal installs malicious software in your system without your consent, it can wreak havoc on your daily business operations. Malware can spread from system to system or lurk in a single app. Some popular tactics are Trojans, Macro Viruses, Spyware, File Injectors, Adware, and plenty more.
As mentioned, not all cybercriminals prey on under-protected computer systems. Some depend on human weakness to execute their cyberattack. Phishing is an excellent example of this strategy. A phishing attack occurs when a cybercriminal sends fraudulent communications via email. Although the email seems legit—typically appearing from a trusted source—it’s meant to install malware or trick people into handing out personal and sensitive information.
When a cyberattacker stealthily slips themselves into your system between a two-party transaction, such as over public Wi-Fi, it’s called a Man-in-the-Middle (MitM) attack. This process interrupts your traffic by installing malware, giving the cybercriminal plenty of time and space to steal your information.
Often used by hacktivists or competitors, Denial-of-Service (DoS) attacks overtake your networks to drain your resources and bandwidth. This attack stops your system from fulfilling authorized requests—from clients or customers, for example. Strangely enough, this particular strategy doesn’t offer the cyberattacker any benefits, such as gaining access to secure information. It’s genuinely meant to work as a “fallen tree on the road.”
SQL Injection Attack
When a cyberattacker uses malicious code to force your Structured Query Language (SQL) servers into divulging sensitive information, it’s called an SQL injection attack. Aside from the initial exposure, these attacks are horrifying since they can modify your data, dictate administrative operations, or command your operating system.
Which Companies Face the Most Significant Risk?
While it’s correct that some industries face more online exposure than others, it’s not always the type of business that cybercriminals are scoping. According to a 2019 AppRiver survey, 58% of executives at small-to-medium-sized businesses (SMBs) are more worried about a data breach than even a catastrophic event, such as a flood, fire, or break-in.
What this research shows is that over half of SMB executives are fully aware of the risks they run in operating a business. According to the survey, 48% of these leaders know that a data breach would shut down their business altogether. When it came to financial services and insurance, the number jumped to 71% of SMBs reporting that a significant breach would close their doors.
Along those lines, here are a few specific industries that face a high risk of cyberattacks:
- Financial institutions – According to Business Insider, financial institutions are 300 times more likely to be targeted for a cyberattack. The disappointing news is that more financial institutions are ill-equipped to handle an attack.
- Healthcare organizations – Any business in the healthcare sector likely has mounds of personal information, such as health records and patient information. Cybercriminals sure aren’t ignoring this wealth of data as breaches in this space only continue to rise.
- App-powered companies – It’s no joke that cybercriminals are vamping up their level of sophistication with multi-step strategies and tactics. However, companies driven by apps, such as Uber, are an optimal target for malware.
- Cryptocurrency companies – According to City National Bank, cryptocurrencies are inconsistently regulated, making complying with SEC regulation a massive headache. To make matters worse, the thrill of investing in digital currency is also its downfall. Handling “keys” and other sensitive information bumps cryptocurrency companies up to a high-risk category.
Why Do You Need Cyber Insurance?
According to Statista, as displayed in the chart below, the average cost of a cyber claim in the US and worldwide continues to climb.
Does your business have adequate contingency plans in the case of a cyberattack? From malware and loss of data to reputational damage, the fallout from an attack could be detrimental in various ways. Business interruption can also cost your company a significant amount of income.
Mitigating the situation is another substantial cost associated with a data breach. Notifying customers, providing credit monitoring services, restoring files and computer systems, dealing with lawsuits, and paying regulatory fines create additional financial loss following the cyberattack.
As well as your financial security, a cyberattack could also put your reputation at risk. While plenty of trustworthy companies do experience breaches, a data breach does not exactly communicate security and trust.
What Factors Affect Cyber Insurance Pricing?
Several factors dictate how much a particular company will pay for cyber insurance. However, according to FitSmallBusiness, most small businesses’ annual premiums range from $1,000 to $7,500 for a $1,000,000 limit policy, depending on industry and exposures.
While cyber insurance underwriting practices are becoming increasingly standardized, there are myriad risk factors that must be considered on an individual basis.
How secure are your systems?
System vulnerabilities are a cybercriminal’s best friend. To keep cyberattacks at bay, you must have secure systems using updated programs and robust security features. Underwriters consider these controls and procedures while rating your program.
What is your security training protocol?
Employees handling your company’s data need proper training on how to identify and avoid cyber risks. One exposed file or answered phishing email could be the vulnerability that subjects you to an attack, so personnel must be prepared to catch these. Hiring IT specialists and conducting employee training are important controls in the eyes of an underwriter.
Do you have a loss history?
In the insurance world, your past paints a picture of future loss exposure. A history of repeated claims unveils areas of security flaws to the underwriters.
What type of data do you collect and store?
As mentioned, financial institutions and healthcare organizations are some of the most heavily targeted by cybercriminals, mainly because these companies store high amounts of financial and personal information. Insurance carriers take into account the sensitivity of the data being collected when underwriting your risk.
Where does your company do business?
Cyber insurance rates vary by state in the US, depending on state-level regulations and the number of lawsuits associated with cyberattacks that are observed by insurance carriers. California, for instance, has recently instituted the California Consumer Privacy Act (CCPA), which raises the bar significantly for accountability placed on companies handling customers’ sensitive data.
While this regulation impacts only some companies, now may be a good time to determine if your company is one of them. CCPA is the newest standard in the US; however, there are other privacy acts that protect consumer data, such as the Biometric Information Protection Act.
Governmental scrutiny is not an issue specific to the US. The European Union implemented the General Data Protection Regulation (GDPR) 2016/679, which establishes rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
What’s the Cyber Insurance Outlook for 2020?
While other insurance markets continue to harden in 2020, cyber insurance seems to have plenty of capacity left into the new year. MunichRe, one of the largest reinsurance markets, continues to chase cyber reinsurance, providing some direction of the market. We expect another year of minimal increases barring some systemic loss. SC Media, cybersecurity experts, recently reported that cyber insurance premiums were up 5% in 2019, which, in the insurance world, is a minimal increase.
In general, the cyber market as a whole is expected to continue its growth into 2020. SC Media also reported that only “20% of businesses have invested in cyber insurance,” so with plenty of capacity on the insurance and reinsurance side, it’s to be expected that more businesses will be protecting themselves with cyber insurance.
How Can Companies Manage Cyber Risk?
Prepare to rebound from internal threats. Although cybercriminals might seem like dangerous shadows in the night, employees can be just as much of a threat. According to Verizon’s 2019 Data Breach Investigations Report, 30% of all data breaches can be attributed to insider threats. Keep in mind that employees aren’t always purposefully compromising sensitive information. For example, phishing attacks persuade unsuspecting employees to hand over access to company files. Avoiding a cyberattack would be ideal; however, it’s best to prepare for some level of internal threat. In other words, get cyber insurance.
Support cybersecurity staff with automation. Current endpoint data loss prevention and employee monitoring software are more robust than ever before. Automation tools typically come with the best options, too. What this means for your IT staff is less work, such as manual restrictions, continual monitoring, etc. Instead, these software programs can help to keep sensitive information from reaching the wrong hands by automating access.
Make cybersecurity communication a top priority. As mentioned, internal threats are some of the most significant. Top-down communication regarding best practices for data security is a must. The same thing goes for employee training. Also, improved cybersecurity not only shows employees how severe data threats are, but it also motivates them to share the load of cybersecurity.
Regularly update your risk assessment process. When it comes to safeguarding your data, having a relevant cybersecurity risk management plan is necessary. Know your company’s digital assets and how vulnerable they are, too. Accept that no company is immune to a cyberattack, so stay up-to-date on laws and regulations. Go as far as estimating how much a specific cyberattack will cost you. According to TechRepublic, the average cost of a cyberattack is over $1.1 million. Plus, 37% of companies experience a severe curtailing of their reputation after an attack.
Purchase an adequate cyber insurance policy. Without cyber insurance, you are left covering the cost of a data breach by yourself. While some businesses have more financial reserves than others, no company has a bottomless well of greenbacks. Cyber threats aren’t stoppable entirely. However, you can enforce strict security measures, establish a cybersecurity-focused company culture, and back your business with a cyber insurance policy.
Understanding the details of what coverage your company needs can be a confusing process. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you.