Cyber Insurance Price Shock

Five years ago, if you had asked the Board of Directors what their number one concern was, the large majority would have answered growth or sales.

Ask the same question today, and I guarantee security and cyber risk are right up there in the pecking order. If they are not, they should be.

The Cyber Security Landscape in Numbers

In the last 12 months, businesses have experienced:

• • 57% increase in the volume of cyber attacks

• • 59% increase in the complexity of the attacks

• • 53% increase in the impact of the attacks

To make matters worse, 66% of businesses questioned in the last year experienced a ransomware attack, up from 37% in the previous year. There is nothing to suggest this trend will reverse any time soon. We are entering a period of economic uncertainty and instability. History tells us that crime rises during these periods. Ransomware attacks can be pretty easy to orchestrate, and even if only a fraction pay off, the investment from criminals has a return that warrants their effort.

The Cyber Insurance Spike

This increased likelihood and impact of cyber attacks has resulted in businesses seeking cyber insurance. However, fewer insurers want to take the risk. Of those offering policies, the price has risen by up to an eye-watering and hard-to-swallow 200%. As a result, businesses cannot obtain cover, but the price is not always the main obstacle.

Unwelcome news all round then? Not necessarily, at least not for those organisations prepared to take the threats seriously and adapt accordingly. In response to the market in the last 12 months, 97% of the same businesses surveyed above reported making changes to improve defence mechanisms, implementing modern technologies and services, increasing employee training and education and changing processes. Insurance policies paid out on 98% of claims if these businesses were unfortunate to suffer a cyber-attack.

 

The Opportunity Costs

Those companies tell the same tale: much like compliance, investing in areas to strengthen the organisation drives real operational efficiency, including the cost of time saved worrying about what may happen if you don’t invest! So from an insurance view alone, investing in your business is wise. Still, I would argue that putting that aside, it is essential to make your business robust, reduce the time spent worrying about ‘what if’ and get back to devoting that brain power to growth.

 

The Cyber Non-Negotiables

Our experts advise some must-have non-negotiables you need to get in place first and other desirable solutions that may rely on your business type, budget and the like.

The must-haves include:

• • Multifactor authentication for remote access and privileged controls

• • Secure, encrypted back-ups that are evaluated frequently

• • Endpoint detection and response

• • Email filtering and web security

• • Privileged access management

Our Cyber Security Vendor Alliance Manager, Adam Gleeson, reviewed the five key essential functions small and medium-sized organisations require to be cyber secure.

We are strict with our security and passionate about sharing the lessons we learn with our customers and resellers. For instance, we had to give our Information Security Officer a monthly blog series to funnel his knowledge. Check it out here.

---

Speak to our experts to find out what strategy works best for your organisation. We offer end-to-end solutions, working with our best-in-class vendors such as Sophos, Microsoft, Forcepoint and Forescout, and providing Vulnerability Assessments and Penetration Testing with our CREST and CHECK accredited security professionals.