The Future of Cybersecurity Insurance and MFA
February 28, 2022 •
On February 23rd, Cyphercor hosted a live webinar all about the future of cybersecurity insurance and MFA. Cyphercor’s CEO Diego Matute was joined by insurance broker Blair Hancock as panelists for the discussion.
On the agenda we discussed three primary topics: How did we get to where the nature of cybersecurity insurance is today? What does the cybersecurity insurance market look like presently? Finally, where is the industry going?
We’ve included a recap of those three topics below, and you can watch the full video replay on our YouTube channel here.
How did we get here?
Lately, we have been discussing the ransomware epidemic and the rise in cybercrime. It’s predicted that in the next ten years, the cost of ransomware will rise to $256 billion USD annually and there will be a new ransomware attack every 2 seconds.
Our experts were asked what is the cause of this and how is it affecting the insurance industry?
- The reality is that the government of Canada blocks on average 600 million ransomware attacks on a daily basis. What’s changed is that ransomware has become much more lucrative, the cost of execution has gone down, and more businesses are being targeted.
- Remote working has also created a much larger attack surface.
- It’s been noted that firms are paying the ransoms which means that the ransomware attacks are working which is why they continue to happen.
- Cryptocurrency is another enabler due to its anonymity, lack of protections, and makes it easier to steal peoples money and identities.
- For insurance companies, there’s more money going out than being collected in premiums. The losses have caught up to the coverage. There needs to be enough premium to cover the cost of a ransomware attack.
- Insurance companies will exit a certain industry when this happens, and we’re seeing that with cybersecurity. There are only so many insurance companies that will be truly dedicated to cybersecurity as it is a risk for the company as they may be paying more on cyber losses.
Cyber insurance today.
What has this new ransomware and lucrative cyber crime environment led to for companies trying to get insurance? Is it harder for companies to get insurance? What are the main difficulties?
- Many companies, particularly those in certain industries, are having a difficult time getting insurance.
- Some of the main difficulties to getting cyber insurance today is not only cost but also coverage of availability. You need to maintain up to 10 – 50 million in revenue to be considered with some of the top insurers. Depending on what you need, premiums can go up.
- Insurance companies can pick and choose who gets insurance depending on the losses that may occur. If your industry is of higher risk for a ransomware attack, then your premium is likely to be more expensive. However, now no company is protected against cyber attacks without a premium.
- There is a reactive nature of having to replace an insurer if they don’t supply cyber security insurance or their premium is too low for your company’s needs. This depends on what industry you’re in and how much risk is in your industry. You need to make sure you’re covered as there is a significant impact on coverage availability.
- We’ll have customers coming to us saying they have certain requirements from their insurer and won’t be able to renew if they don’t meet certain requirements. They may only have 1 or 2 months to implement or risk renewing with less coverage.
- There’s no set company size or industry where they have that new need, it’s across the board.
Are insurance providers helping companies with meeting requirements needed to get insurance?
- There are a few that are transparent with helping. Others, unless you’re close with your broker, won’t offer assistance.
- Some have active threat monitoring, others have vendors that deal with this. Some will have online resources or their very own people.
- Requesting and enforcing the requirements is new for insurance companies and how to do it effectively is difficult at the start. To capitalize on revenue, it’s important they help. So offering services is there.
- Others will really dedicate their time to it and others will completely back out. Insurance companies that choose to dedicate themselves to it will be able to make a big revenue as its big market.
Where are we going?
What will the future of cybersecurity insurance look like, and how can companies prepare for this new future?
- Ransomware isn’t going anywhere. It’s cheap to deploy ransomware attacks but it’s also cheap to come up with solutions.
- Cybersecurity will become mandatory and more readily available which will make it more expensive for ransomware to occur.
- There are laws and industry regulations outlining how to protect your data, and this will likely continue. Any industry that holds people’s credit card information, has to have cyber security protection and insurance.
- Cybersecurity in general is becoming more popular and more spoken about in a lot of industries and insurance companies are jumping on board. Insurance companies will put better cybersecurity practices for everyone making it more streamlined and accessible.
- There are signs of improvement and insurers are becoming reactive, so the outlook is positive.
- Although there was an increase of 140% in premium increases last year, the premiums will follow based on competitiveness etc.
- Insurance companies will decide what they can do to cut losses and maintain in the industry.
- Risk selection isn’t going anywhere but preparedness is important as well. Insurance companies look for that, so it’s important that you have maximum security and backups.
That concludes our recap! Never miss an update from Cyphercor and sign-up for our newsletter below!