Why Cyber Insurance Should Be a Part of Your Cybersecurity Strategy

Amid today’s ever-expanding threat landscape, cyber insurance is quickly becoming as important as car insurance. As the government continues to explore the possibility of mandating cyber insurance coverage for businesses, it’s possible this will soon literally be true, writes Alex Heid, chief research & development officer, SecurityScorecard.

As cyberattacks continue to rise, preventing and detecting them have become top-line priorities for today’s organizations. The SolarWinds breach was a major wake-up call to many organizations previously unaware of the danger of third-party breaches, underscoring the need for stronger perimeter and in-network defenses for organizations across a wide range of industries. With ransomware also on the rise, organizations are beginning to recognize the need to protect themselves against some of today’s most notoriously difficult-to-stop attack tactics. 

Unfortunately, while strong network protections are essential, they will never be capable of stopping 100% of attacks. Today’s organizations should not only aim to prevent breaches, but to protect themselves, their employees, and their customers in the event that one does occur. As business leaders begin to adopt this mindset, cyber insurance is receiving a growing amount of attention, and many are beginning to recognize the value that cyber insurance offers. As organizations look for new ways to protect themselves and also vet potential partners and vendors, cyber insurance is quickly becoming an essential aspect of cybersecurity. 

Today’s Threats Require New Solutions

Amid the pandemic, cyberattacks have risen significantly, as have attacks on specific industries like healthcare. Large organizations of every industry vertical have been targeted, and it appears that every link within the digital supply chain is probed for weakness by modern hackers. Attackers who successfully breach the weakest link within the digital supply chain stand to access the largest quantity of interconnected enterprises.

This year has already seen significant breaches impacting international telecommunications providers, automobile manufacturers, energy companies, managed service providers, educational institutions, local governments, and even cybersecurity firms. No industry has been spared, and the breaches were significant enough to impact business continuity and financial operations.

Individuals have also continued to be targeted in small-scale attacks through password reuse and traditional identity theft. Modern attackers then seek to leverage the information of individuals compromised in third-party breaches for expanded access to enterprise networks.

According to a recent report from IBM and the Ponemon Institute, the cost of a data breach in 2020 was $3.86 million, and it is important to note that this is just an average. Breaches can cost considerably more. According to the report, if a third party causes the data breach, the cost tends to increase by an average of $207,000, for an adjusted average total cost of $4.06 million.

Perhaps the most concerning aspect of the rise of third-party attacks is that attackers have automated and scaled the methods of attack and chained exploitation methodologies. Two recent examples of third-party services that were breached and gave attackers a backdoor into thousands of companies were attacks against SolarWinds cybersecurity solutions and an attack against Kaseya’s managed service solutions. In both instances, attackers compromised an entity that serviced thousands of other organizations with direct network interconnectivity.

Another concerning aspect of the third-party breach scenario is that it is harder to prevent: even companies with impeccable cybersecurity tools and practices cannot control the preparedness of their vendors and partners. They can vet those partners to assess their preparedness as effectively as they can, but they ultimately cannot control their password policies, VPN security, and other essential security measures. Knowing this, a growing number of companies are turning to cyber insurance to protect their bottom line. 

The Benefits of Cyber Insurance

The massive rise in attacks has made cyber insurance a borderline necessity. For ransomware attacks, insured victims no longer need to agonize over whether to pay the ransom. Most insurers will recommend simply paying the ransom, then fully or partially reimburse the victim. In this way, cyber insurance functions somewhat similarly to business liability insurance and is becoming almost as important. It can even be helpful for individuals with significant digital holdings, such as NFTs or cryptocurrency. Anyone with significant assets in a digital wallet or exchange should look into protecting them with insurance. The peace of mind alone is well worth it. 

Cyber insurance can also protect against reputational damage, with some policies including provisions for public relations and other image restoration methods. Some may also reimburse for downtime and account for asset replacement, ensuring business continuity. And some insurers may even offer forensic support to help victims identify the causes of a breach and prevent it from happening again. Cyber insurance is about more than just financial protection: it highlights an organization’s dedication to responsible business practices and shows potential partners and customers that it has covered its cybersecurity bases effectively.

All this said, cyber insurance is still a budding industry, and as adoption grows, premiums will likely rise. But policies will also grow more tailored, offering protection from specific types of attacks and providing instructions on how to respond to them appropriately. Like other forms of insurance, cyber insurance can also incentivize organizations to behave more responsibly. For example, improved cybersecurity posture may result in lower premiums. Insurers may also encourage those they insure to adhere to guidelines put out by the National Institute of Standards and Technology (NIST), aligning them with industry best practices. This can have the effect of improving an organization’s overall cybersecurity posture even as it protects its bottom line. And the White House clearly agrees, having recently listed cyber insurance among the options being explored to incentivize stronger cyber defense in the U.S.

Shoring Up Your Digital World

The rise in attacks amid the COVID-19 pandemic combined with the rise in well-funded third-party attacks created the perfect storm of circumstances to herald the rise of cyber insurance. At this point, cyber insurance is no longer a “nice to have” resource; it’s essential.

Businesses large and small are targeted by cyberattacks every day, and they need to protect both themselves and their customers. Amid today’s ever-expanding threat landscape, cyber insurance is quickly becoming as important as car insurance, and as the government continues to explore the possibility of mandating cyber insurance coverage for businesses, it’s possible this will soon literally be true. Whether mandated by the government or not, cyber insurance is just smart business and an increasingly common way to address today’s most prevalent attacks. 
