business owner reviewing cyber insurance policies

What You Need to Know About Changes to Cyber Insurance

The world of cyber insurance has gone through a slew of changes in the past five years. Why? There has been an exponential growth in the number, scale, and technique of cyber attacks. Each of these increases has led to an increase in demand for cybersecurity insurance, a consequential increase in premiums as well as some other adjustments.

Let’s go over the basics of cyber insurance so we can understand the impact of these changes. 

What is Cybersecurity Insurance?

Cyber insurance, also called cyber security or cyber liability insurance, covers businesses against losses resulting from data breaches. This form of insurance primarily applies to businesses that run secure networks as part of their daily operations.

A cyber attack on a business without cyber insurance may result in legal fees, compromised data, and the loss of computer systems. 42% of small businesses have experienced a cyberattack within the past year and 53% have experienced multiple data breaches. 

What Does Cyber Insurance Cover?

Coverage varies depending on the policy. However, cyber insurance generally covers: 

  • Fines, legal fees, and penalties
  • Credit and fraud monitoring services
  • Finding and addressing the security defect
  • Notifying customers of a data breach
  • Restoring the personal identities of affected customers
  • Recovering compromised data
  • Repairing damaged computer systems

How Has Cyber Security  Insurance Changed?

Cyber Attacks Have Evolved

Since 2020, cyber-attacks have changed significantly and become even more common with the increase of remote and hybrid work models. These attacks can be much more nuanced than in the past.  For example:

  • Phishing emails have fewer red flags and instead include a subtle change. For example, an email from one of your vendors may have a different bank account to pay your bill. 
  • Ransomware attacks are on the rise due to innovations in technology
  • Ransomware attacks have also moved onto a larger scale, such as the attack against Microsoft Windows Remote Desktop Protocol (RDP) credentials to gain access to victim networks

Increase in Demand: More Businesses Are Investing in Cyber Insurance

The U.S. Government Accountability Office found that in 2021, more insurance clients are choosing to purchase cyber coverage. In fact, this number increased from 26% in 2016 to 47% in 2020. As a response to this rise in demand, many insurance providers are changing their coverage. 

Insurance Providers Are Adjusting Cyber Insurance

With the rise in cyber-attacks and the demand for cyber insurance increasing, insurance providers may choose to make adjustments to the coverage they offer. Let’s take a look at how.

Increased Rates for Cyber Insurance

Many insurance providers may increase their rates. In its 2021 report, the U.S. Government Accountability Office found that a number of insurers reduced coverage limits or increased premiums for higher-risk industries. These industries may include:

  • Academic institutions 
  • Health care 
  • Public sectors

Tightened Policy Terms

In order to reduce losses from cyberattacks, insurers have tightened policy terms and conditions. For example, in the past, cyber coverage was often included with commercial property and casualty policies. Now, many insurance providers offer cyber coverage separately instead. 

Lower Coverage Limits

Due to the rise of cyber events and the resulting spike in payouts, insurers are reexamining the coverage limits they offer. 

Documentation May Be Required 

Many insurance providers aren’t quick to fill in the gap in demand for cybersecurity insurance. In fact, some insurers and reinsurers are stepping back to evaluate their risk appetite due to the increase in the severity of cybersecurity attacks. 

To mitigate risk, some providers have begun to transition towards requiring documentation to evaluate a client’s cyber programs. Eventually, if the insured party fails to provide sufficient documentation, they may not receive coverage. 

What Do These Changes Mean for Policyholders?

For policyholders, these changes can lead to fewer coverage options, stricter standards as well as more exclusions. Businesses may be required to pay more or risk having lower coverage limits.

How Can Policyholders Minimize Cyber Insurance Increases?

Insurers are looking for policyholders to reduce their risk of a cyberattack by taking steps such as:

  • Limiting network access to authorized personnel 
  • Implementing multi-factor authentication on all access points to the network, such as phones, computers, email, etc. 
  • Maintaining updated operating systems, software, and applications 
  • Utilizing anti-virus software and anti-malware solutions that will automatically update and run regular scans of your system
  • Regularly backing-up data
  • Creating a plan in case the business experiences a cyber attack
  • Training employees on cyber security, including information about phishing emails and not opening malicious attachments
  • Quarantining suspicious emails

Have More Questions About Cyber Insurance?

Apex Risk & Insurance Services was specifically founded to fill the service and consultative gap left by agency consolidations in the insurance marketplace. These consolidations have left customers who are used to a boutique service approach with no personal connection to their team.

Apex brings the high-touch service proposition back to the San Diego business community, and beyond

Read on to learn more about how to protect your business from ransomware.