
Cyber Insurance Premiums Rise Amid a Flurry of High-Profile Cyberattacks

With cyberattacks paralyzing organizations one after the other, CEOs are turning to cyber insurance companies for protection. Following a barrage of costly data breaches in the past few years, the demand for specialized cyber insurance policies has gone up by 21%, the New York Times reports. But with the demand, premiums too have shot up, leaving many companies without coverage.

In this Delegate Roundtable recorded at the Security Field Day event in Silicon Valley, Tom Hollingsworth and the attending delegates talk about pricy premiums, the pains of cyber claims, and the market driving adoption of new technologies.

“We Are Reducing Risk One Bite at a Time”

The sophistication of cyber incidents and their financial impacts have been on a slow and sinister rise. Every year the numbers hit a new high, with companies sustaining big losses in the form of damage to the brand, lost revenue, and sometimes, full and final closure of business.

General liability policies typically don’t protect against these kinds of risks. The losses are intangible, and therefore not readily quantifiable.

“We have certain kinds of insurance that are set up to protect life and limb. But what happens if a company finally gets to the point where it has collected so much data that the likelihood of a breach could materially impact the lives of every person in the world?” asks Tom Hollingsworth.

As a way to protect against the potential impacts of such attacks, it is critical for every organization to be on a specialty plan that provides coverage against emerging threats.

The market has shifted significantly since companies started purchasing cyber insurance policies. Trends show that between 2022 and 2023, cybercriminal gangs purposely targeted cyber-insured organizations for easy payoffs.

Indiscriminate claim flows from organizations hit by cyberattacks have caused carriers to tighten their belts and mitigate losses.

Insurance carriers work with underwriters that actively look for ways to throttle claim payouts. “The underwriters started pushing back on the companies saying you can’t just issue these policies with any hope that they’ll never pay off. They will and you need to put some basic protections in place,” he says.

One of the ways they’re doing this is by setting up stricter requirements, which include the adoption of certain security technologies. “Lately we’re seeing more and more detailed attestation almost to the level of an audit. It reminds me of HIPAA compliance, and this is driving customer adoption of technologies. Before, they would do the cost-benefit analysis of whether a technology is going to slow the business down, or anger the users. Now it’s not a question,” says Ben Story, Network and Cybersecurity Engineer.

These requirements incrementally mandate the use of DNSSEC, SOC, SIEM and such technologies as the baseline to qualify for cyber risk coverage.

SEC’s New Disclosure Rules

For carriers, up until recently, there wasn’t enough data to analyze the likelihood of an attack or what it’d cost. But the U.S. Securities and Exchange Commission (SEC) recently passed a rule that requires organizations to disclose a breach within 4 working days after the incident is determined.

Over time, this will help provide more visibility into the threat landscape, and help make better risk assessments.

In the current landscape, cyber insurance is an essential element of the security posture, but it is not yet mandatory. Experts worry that escalating premium prices may make purchasing difficult for smaller companies.

Max Mortillaro, industry analyst, points out that having cyber coverage, if one can afford it, is a great addition, but it is not a silver bullet. “It’s more of an add-on to make sure that you have this extra buffer rather than something which is going to save you because the cost, if you want to embed everything into such a policy, is going to be astronomical. So, it doesn’t make sense economically.”

Be sure to catch the full discussion, and many other interesting presentations from the recent Security Field Day event.

About the author

Sulagna Saha

Sulagna Saha is a writer at Gestalt IT where she covers all the latest in enterprise IT. She has written widely on miscellaneous topics. On gestaltit.com she writes about the hottest technologies in Cloud, AI, Security and sundry.

A writer by day and reader by night, Sulagna can be found busy with a book or browsing through a bookstore in her free time. She also likes cooking fancy things on leisurely weekends. Traveling and movies are other things high on her list of passions. Sulagna works out of the Gestalt IT office in Hudson, Ohio.
