By improving your overall security profile and demonstrating a low risk profile, you’ll be able to negotiate lower cyber insurance premiums and enjoy long-term savings.
An increase in cyber attacks and claims is challenging for the cyber insurance business. Insurers have made changes in response: narrowing the parameters for coverage, increasing prices, and introducing new requirements for cover.
Many cyber insurance providers are now requiring basic security hygiene from their customers. One of those requirements is multi-factor authentication (MFA), which adds a layer of protection to sign-in processes.
Cyber insurers have struggled to assess and quantify the risk they are underwriting. The only way the cyber insurance industry will be able to support the market's growing demand is through trust and transparency built upon quantifying digital risk through sound data science principles.
Recent ruling in New Jersey involving the NotPetya attacks indicates that insurers may not be able to use "cyber war" clauses as an excuse to not pay out for remediation of ransomware attacks.
Cyber insurance premiums have jumped 73% in the U.S alone. Greater specificity over what is (and what is not) covered has become a feature of many updated policies, as has the expectation that companies need to have greater cybersecurity hygiene in place in order to qualify for insurance.
Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyber attacks exchanged between nation-states. This definition extends to operations that have "major detrimental impact on the functioning of a state."
If cyber insurance providers want to create a better system that can reduce claims and better protect their policyholders, they cannot ignore the biggest driver of cyberattacks – password security.
Why “Ransomware Insurance” Causes Healthcare Industry to Overlook Deeper, Underlying Security Issues
For the healthcare sector where 34% of all organizations were hit by ransomware last year, cyber insurance may seem like a good investment. However, this may give many organizations a false sense of security.
AXA made news earlier in the month for opting to drop ransomware payment coverage from new cyber insurance policies in France. Operations in Asia were subsequently hit by a ransomware attack.