With all of the recent breaches and data exfiltration efforts, not to mention the successes of Cybercriminals of all kinds - the inevitable has finally happened, the Cyber Insurance market is adjusting. It's even reached the point where the US Federal Government is reviewing the stability of the market, and worst-case scenarios should massive Cyber Attacks occur - if the industry could even survive.
On top of this, we are seeing dramatic increases from insurers, "rising 21.3% in the second quarter" - an expectation that is likely to increase over time. This is for a multitude of reasons but shouldn't be anything new to people who have been following the headlines and reading the insurance updates. The problem insurers are facing is that many of the organizations were simply relying on the insurance companies to payout and reimburse for ransoms and attacks. That, of course, became an abusive business model where premiums couldn't possibly sustain the amounts being paid. Insurers bringing in hundreds of thousands but having to pay out millions quickly depleted their coffers. So, insurers started raising rates and requiring organizations to meet better and higher standards of security. Anyone failing to meet the standards after a breach would be denied the payout. And that has become more of the case these days. Especially with one simple question: "Did you have 24x7 monitoring and response capabilities prior to the attack/breach?". If the answer is yes, they'll move on to the next question. If no, the claim is instantly denied.
Now, thanks to the above mentality, the entire cyber insurance industry is about to go through a revamp. Companies will be required to pass audits dictated by their insurance providers just to get and maintain coverage. Insurers are partnering with cybersecurity vendors and service providers in order to validate customers actually have not just appropriate security in place, but that they actually have the security coverage they claim to have in place, that it's configured properly, in use and deployed, and fully operational. By the way, audits aren't going to be for just prior to receiving the coverage! This will be an ongoing audit process in order to maintain the coverage from these insurers. And of course, having to go through all of it again if you do happen to make a claim.
Some vendors and service providers have been including insurance options with their service(s). Yes, London Security is one of these. Our services not only fulfill and meet many, if not most, of those requirements, but we actually exceed them in a majority of cases.
A quick and simple email exchange or phone call could answer most of your questions. Fill out the form below or email us for info
Sources:
Insurance Journal
Insurance Today
Cyber Insurance Top 5 Trends - ACAGlobal
ZDNet Sophisticated Malware Is Targeting Routers To Break Into Networks
Computer Weekly - "Cyber Insurance... but don't count on it"
