As the cost of data breaches rises year over year, many organizations look to cyber insurance to protect themselves from potential losses. Even in supplier contracts, more companies are now making cyber insurance a prerequisite to do business.
However, cyber insurance is costly. Five years ago, obtaining coverage was easy and relatively cheap. But today’s policies are unaffordable for many organizations.
Luckily, there’s a way to lower your insurance premiums. We’ll explore the reasons behind the recent rise in cyber insurance costs and offer actionable steps to help your company secure cost-effective coverage.
Why is cyber insurance so expensive?
During the pandemic, the cyber insurance market went through a period of great hardship. A rise in ransomware and business email compromise attacks led tens of thousands of businesses with cover to seek payouts.
Insurers weren’t ready for the surge. Until then, they had written fairly broad policies at low price points. As S&P Global reported, insurer loss ratios rose from 25% in 2020 to 72% in 2021. Concurrently, the average paid loss for a claim rose from $145,000 to $358,000 in 2021.
In response to this financial strain, insurers implemented measures to regain profitability in 2022, including more meticulous evaluations of risks through detailed questionnaires, stringent underwriting practices, and reduced coverage.
For buyers seeking cover, the result was higher premiums and more policy prerequisites, such as implementing multi-factor authentication and data loss prevention (DLP).
Over the last year, the cyber insurance market has leveled somewhat, but coverage is still more expensive than it was four years ago.
Insurers have learned from their prior mistakes. Today’s policies are much more rigorous and dynamic than they were in the previous decade. When a new attack type emerges or the cybersecurity market evolves, insurers adapt their policies quickly to improve loss ratios.
Organizations must stay informed about these policy changes to avoid claim rejections. The following are key changes within the cybersecurity industry that affect cyber insurance in 2024.
Systemic risk changes
Systemic risk in cybersecurity means the inherent threats within digital business systems, such as supply chain attacks, human error, and software vulnerabilities.
Cyber insurers are tightening policies around these risks, meaning they are less likely to pay out in the event of a breach or outage caused by a systemic risk. Check your policy to assess your insurer’s stance on systemic risk.
Mandatory real-time monitoring
SEC Rule 106 will make real-time data protection mandatory for public companies. Cyber insurers are likely to follow suit, offering lower premiums to organizations that invest in data loss prevention (DLP).
In particular, organizations should bring data protection to cloud applications like Slack, Microsoft Teams, and Google Drive. As witnessed in the recent Microsoft breach, these applications are the most vulnerable to data leakage and theft.
Generative AI tools have introduced new cybersecurity risks, such as data poisoning, hallucinations, and data leakage. Insurers are acutely aware of generative AI’s risks and are adapting their policies to include specific terms and conditions around generative AI usage in the enterprise.
Specifically, insurers will not provide coverage for the unauthorized disclosure of a company’s proprietary data via generative AI tools. It’s therefore vital for organizations to bolster generative AI security through proactive security controls.
How to lower cyber insurance premiums in 2024
The best way to lower your cyber insurance premium in 2024 is to reduce your company’s risk profile. The more hardened your company’s security posture is against data breaches, the lower your premium will be.
Here are six steps to dramatically lower your insurance premium:
- Implement multi-factor authentication and robust password policies to combat account takeover attacks.
- Move towards a zero-trust architecture.
- Deploy data loss prevention to reduce data leakage and theft.
- Educate users on common security threats and compliance requirements.
- Design an effective incident response plan.
- Consider achieving a security standard like SOC 2 or ISO 27001.
It’s important to note that cyber insurance is by no means a silver bullet. It cannot prevent data breaches. It can only help you recover.
It’s better to reduce the likelihood of a breach by building and maintaining a strong security posture. Invest in cybersecurity to help prevent cyber attacks and simultaneously lower your insurance premium.