Every 40 seconds, a ransomware attack strikes a business somewhere in the world, according to Kaspersky Lab. But only about 10 percent of all companies are protected by cyber insurance, underscoring that despite the headlines generated by massive corporate data breaches, far too many organizations are leaving themselves vulnerable to the significant damage a cyber-attack can cause, from negative media coverage to the costs associated with compensating affected customers.
Cybersecurity Ventures projects that the global cost of cyber-attacks will reach a staggering $6 trillion by 2021 and Gartner predicts that 60 percent of digital businesses will see major service disruptions by 2020. The need to confront cyber risks has never been more pressing, particularly as the pace of digitization accelerates.
Insurers have a vital role to play in inoculating organizations against potentially crippling attacks. With cyber insurance premiums forecast to reach $7.5 billion by 2020 – a 200 percent increase over 2014 figures – how can insurers do their part to leverage this opportunity for the benefit of customers in today’s digital world?
Protect your customers!
Insurers can purchase software that enables them to build, launch and sell cyber insurance products. Ideally, they’ll be able to create an intuitive and user-friendly cyber insurance offering in just a few weeks. Such offerings can include coverage and protection from cyber threats, including data breach costs, crisis containment, cyber business interruption, cyber extortion, privacy protection and hacker damage. By creating a simple-to-understand policy that provides comprehensive cover, organizations and individuals will know what they are buying and can be confident they will be covered in the event of the type of cyber losses that are becoming all too common in today’s digital era. With large percentages of insurers reporting that they experienced an attempted data breach in the past year, there is significant interest in this new line of business.
Overcome knowledge gaps
Promoting cyber awareness is essential to guarding against cyber threats – and by ensuring that employees at every level are vigilant, organizations can stop many attackers from carrying out their schemes.
The problem? Persistent knowledge gaps hinder the creation of effective cybersecurity cultures. Human error accounts for a significant share of cyber breaches, with phishing schemes alone is responsible for three quarters of malware hitting organizations globally, according to NTT Data. And while there’s broad recognition that cyber-attacks pose a major threat to organizations, there’s a stark divide between IT professionals and corporate leadership regarding the effectiveness of organizational protocols. In one survey, 59 percent of corporate board members said that their organizations’ cybersecurity governance practices were very effective, while only 18 percent of IT professionals agreed.
Insurers can work with their clients to achieve a unified understanding of cybersecurity policies and terms. When all stakeholders operate according to a standardized cybersecurity framework, organizations can better manage risk, understand their vulnerabilities, respond to emerging threats and contain the fall-out of breaches.
Prepare for the worst
Beyond instilling more cyber awareness among all employees, insurance companies should work with clients to develop security protocols and leverage technological solutions to safeguard assets. Critical assets – customer data, for example – should be prioritized for rigorous protection. Most importantly, insurers should recognize that cyber strategy is integral to the overall business strategy; cutting corners (or IT budgets) may be temporarily beneficial but can mean paying a steep price down the road.
Given the cunning of cyber criminals and the unfortunate reality that it takes only one weak link to expose an organization, not all cyber-attacks will be prevented. It is therefore crucial that insurers work with organizations to develop disaster recovery plans for assessing the fallout and containing the damage of any cyber incident, with clear chains of responsibility and response protocols.