Webinar Recap: Insuring for Cybercrime
In our January webinar, we invited Melody Olson, regional director and sales executive in Propel Insurance’s construction and real estate group, back for a second discussion on the state of insurance, specifically cybercrime.
The biggest myth about cybercrime is: “We aren’t a target.” But the fact is that even small and middle-market organizations are increasingly ideal targets for cybercriminals. The frequency of cyber-attacks on firms with 250 or fewer employees increased by 57% from the first half of 2020 to 2021. This includes enterprises you might expect, like retail/wholesale (up 39%) and those that seem less obvious like consultants (up 73%).
Regardless of size, businesses overall experienced 50% more attempts on their systems each week than the year prior.
The most common cyber-attacks are:
Ransomware attacks, which cost businesses 170% more in 2021 than in 2020
Social Engineering including business email compromise, which rose 51%
Funds transfer fraud, which increased 28%
The cost of these crimes is high. Ransomware demands averaged $1.2 million last year and data breaches averaged $4.24 million. The average downtime after a cybercrime is 22 days, and lost business represented the largest share of breach costs, at 38% or an average of $1.59 million.
Cyber Insurance Options
You can mitigate the risks of cybercrime with two kinds of coverage:
First-party insurance offers protection from extortion/ransom, funds transfer fraud and phishing. It covers the insured’s costs related to incident response, legal expenses, data restoration, etc. It also includes business interruption coverage.
Third-party insurance includes security and privacy liability coverage, such as legal defense; and coverage for regulatory and payment card industry fines, penalties and defense. Liabilities to others.
As cybercrimes increase, insurance rates rise, too. Premiums for cyber insurance have gone up 25.5% since Q4 2018. In addition, underwriting guidelines are getting more stringent. Most insurers are requiring more information related to your business’ IT risk management practices including backup strategies, employee cyber-safety training, and deployment of multifactor authentication.
Cybersecurity Tips
There are a few things you can do to reduce the risk of falling victim to cyber-crime:
Employee awareness and skills training keeps staff up to date on the latest tactics used by cyber thugs and the latest security protocols to reduce risk. Your insurance broker can help you find training resources.
Multi-factor authentication (MFA) is one of the most effective prevention tactics. Almost all (99.9%) account compromises researched by Microsoft did not have MFA enabled. With MFA, users provide two or more authentications –such as a password, PIN, badge, fingerprint or voice recognition -- to gain access to your network.
Network security improvements harden your tech infrastructure against potential bad actors. A robust network security configuration can help prevent, detect, and mitigate cyber-attacks. This includes net-zero trust protocols that require every user and device accessing resources on your network to verify their identity and credentials at every stage of digital interaction. More complex and adaptable than the old firewall model, Access Control Management keeps people and information safe by allowing flow where it’s needed and restricting access where necessary. Ask your IT leader or consultant for a quick audit of your network’s protections.
Combining insurance and best practices can reduce your risk of becoming a victim of cybercrime. Get more details by tuning into the full session below.
This information doesn’t constitute insurance or legal advice. Always check with an attorney or insurance expert before making decisions.
As ever, reach out if you have any questions.