By The Structured Security Team —
Experts agree, it isn’t a matter of if your organization will come against a cybersecurity threat, it’s a matter of when. And companies that provide cybersecurity insurance are passing along the costs, increasing premiums to combat the risk of increasing payouts.
Cybersecurity Insurance Costs Are Increasing Rapidly
Cybersecurity insurance costs are increasing dramatically for organizations across the globe. According to a report by Standard & Poor’s Corp. published earlier this year, “Cyber insurance premiums, which now total about $5 billion annually, will increase 20% to 30% per year on average in the near future.” This is partly due to increased claim frequency, the severity of these claims, and the uncertain nature and definition of cyber risk within the insurance industry itself.
Another report, the Marsh Global Insurance Market Index, found that cyber insurance costs aren’t plateauing like the costs in other markets. In fact, in the first quarter of 2021, prices generally increased by 35% in the U.S. and 29% in the U.K.
Why the Increase in Cybersecurity Insurance Costs?
As previously stated, the rise can be partly attributed to increased claim frequency and the severity of the claims filed. Here is a deeper examination of those causes.
The Overwhelming Cost of Data Breaches
Data breaches are expensive and can ruin the health of a business. Not only are there significant hard costs related to remediation — including salaries/overtime, outsourced professional services, equipment replacement/new product purchases, lost opportunity due to downtime, etc. — but there are soft costs, too. Reputational damage is hard to factor, yet it can sink a business in very little time.
Ponemon and the IBM Institute’s 2021 Cost of a Data Breach report saw a 10% increase in the average cost of a data breach, up to $4.24 million. This is the highest amount ever recorded. The report also found that it took an average of 287 days to find and contain breaches. For organizations with remote work adoption of more than 50%, this stat gets worse. In those organizations, breaches took, on average, 316 days to find and contain.
How is this affecting insurance costs? A report by Willis Towers Watson found that out of more than 1,150 analyzed claims, the average settlement was a whopping $4.88 million. Insurance companies must increase premiums to keep up.
Subpar Cybersecurity Protection
Another main reason behind increased insurance costs is the issue that causes cybersecurity claims to be filed in the first place: Subpar protection. Many organizations have yet to truly grasp the importance of cybersecurity across the enterprise, resulting in inadequate protection from ransomware, malware, and other security threats that attack vulnerable endpoints.
The hasty rise of remote work presented an especially attractive threat vector for modern cybercriminals. These criminal syndicates have capitalized on vulnerabilities stemming from configuration errors and omissions in accelerated remote work initiatives, including misconfigured remote desktop software, insufficient identity and access management requirements, and a lack of orchestration and monitoring across disparate security tools.
Further, these gangs quickly shifted tactics to take advantage of a newly remote workforce that had not had time to receive adequate security awareness training. Credential theft and ransomware is skyrocketing as sophisticated phishing techniques target distributed workers, whose very separation from an in-person group can make them more vulnerable to exploit.
According to Experian, more than half of respondents to the 2021 Data Breach Preparedness Study say their plan does not include preparedness for a data breach caused by a remote workforce. Analogously, 42% of respondents affirmed their organization had suffered a ransomware attack
How Structured reduces your exposure to rising premiums
The only way to thwart the overwhelming costs of cybersecurity insurance and risk is to:
- Shore up existing security systems and processes within your organization;
- Implement policies that are carefully crafted, documented and tested; and
- Close any remaining security gaps with appropriate new hardware, software, cloud services, and/or professional consulting and implementation services.
Perhaps most important, do not overlook the value of regular end-user training. Your workforce is being targeted with phishing and ransomware. Be sure to arm your people with the knowledge they need to recognize advanced threats.
Structured provides the in-depth cybersecurity consulting and professional services needed to achieve the objectives above. Further, we specialize in the subjects below. Focusing your efforts and attention in these areas will lower risk by protecting your organization from today’s advanced threats, which also goes a long way with your insurance provider to mitigate rising premiums.
Zero Trust
This framework is an effective way of protecting against exploits targeting your network. Best of all, previous investments in security architecture are not wasted in a Zero Trust design. They are repurposed and improved to enhance their efficacy.
Multifactor authentication (MFA) for remote and administrative access is a key component of a Zero Trust strategy — and one that many insurance firms are mandating as a condition of becoming insured.
Governance, Risk and Compliance
Did you know that cyber insurance questionnaires are now asking what data your organization handles? For example, does your organization fall under compliance requirements for PCI, PII, or HIPAA? Do you handle consumer financial information or other sensitive data sets? Achieving and demonstrating consistent compliance with these regulatory requirements can be an effective way to show a reduced risk posture and lower premiums.
Acting accountably, breaking through silos, minimizing exposure, and safeguarding privacy, data, and assets is key for every organization — and foundational to proper governance, risk management and compliance (GRC) adherence. And, stronger GRC often translates to lower cyber insurance premiums.
Enterprise Security Architecture
Think about your security posture from the ground to the cloud. Now that security measures must extend to wherever access decisions are made, it is important to create a next-generation enterprise architecture that reduces incident response times, assists in the discovery of unknown threats, streamlines security deployments across the enterprise, and safely enables applications.
Cloud Security
Software as a Service (SaaS) and multicloud architectures are quickly becoming the solutions of choice for modern organizations. With the flexibility and availability of SaaS and multicloud, organizations are now free to choose the best method for delivering vital applications, data, and company resources to a mobile, highly productive, and technology-dependent workforce. Unfortunately, this also means end-users’ valid credentials are prime targets for cybercriminals.
Structured reduces cloud security risks by providing consulting for Cloud Security Posture Management (CSPM), Secure Access Service Edge (SASE), Cloud Access Security Broker (CASB), and various “aaS” security models, including SOCaaS and DRaaS.
Improve your organization’s cybersecurity with structured
Structured is here to help improve your organization’s security posture so you can decrease insurance premiums, and — most important — avoid disastrous breaches that lead to big payouts. From Zero Trust consultations, to the construction of enterprise security architectures, to risk and compliance assessments, we provide a pragmatic approach to protect your entire enterprise.
To learn more about our services, call us today at 800.881.0962 or email us at info@structured.com