As cyber-attacks become more sophisticated and frequent, businesses are turning to cyber insurance policies as a means of protection. Increasingly, CISO’s and Board of Directors are eager to take advantage of “risk transference” as part of a holistic cyber risk management strategy. However, the cost of such policies can often be a significant concern for organizations.
A data breach may not only damage your computer system or IT infrastructure, but it may also destroy your brand reputation. The consequences of a data breach may be very horrific, which may lead organisations, whether they be large companies or small businesses, to bankruptcy.
The expanding attack surface of an increasingly interconnected digital world comes with a high degree of risk due to ransomware, phishing attempts, supply chain attacks, data breaches, and other cyber incidents. And while many organizations recognize the need for cyber insurance, a recent Forrester Research report found that only 55% of organizations in North America have purchased cyber insurance. 1
The rapid escalation of cyberattacks around the world has increased the number of prerequisites to qualify for a cyber insurance policy. If a business faces a cyberattack involving a data breach, it may find it hard to recover without additional support or resources. And this is just one example.
As cyber insurers become more experienced in what kinds of claims are being presented, and the threat action details therein, specific types of coverages are no longer being included. I’ve written quite a few times about specific cyber insurance claim cases that required going to court to settle. And in most of them, the courts sided with the insurer because the wording in the cyber insurance policy made certain it was covering specific use cases.
As more and more businesses and individuals rely on technology and the Internet, cyber threats such as data breaches, malware attacks, and cyber extortion are becoming increasingly common. Overall, cyber insurance can help mitigate the financial, legal, and reputational risks associated with cyber incidents.
A ransomware outfit is advising its victims to secretly tell them how much insurance they have, so their extortion demands will be met. As security researchers at Varonis describe, a new strain of the HardBit ransomware has taken the unusual step of asking targeted companies to spill the beans of whether they have cyber insurance (and the terms of that insurance) anonymously.
