INDIANAPOLIS — When we think insurance coverage for a business, fires, damage or lawsuits come to mind.
Now, cyber insurance is on more businesses' radar, according to insurance broker Reid Putnam.
"Cyber insurance as an insurance policy has been around for 20 years, it started in the financial industry segment," Putnam said, "and really, really caught steam five years ago."
Putnam, who is with Gregory & Appel in Indianapolis, said these policies used to be relatively easy add-ons.
Not anymore.
Because when cyberattacks are up, so are claims, and insurance companies don't make money paying claims.
"The reality is the insurers largely have lost money on cyber insurance over the last 18 to 24 months," Putnam said.
And the cost of a claim? That's up, too.
"Both the average cost of a claim has risen, but also the high end of those claims has risen. Extortion demand a couple years ago may have averaged out less than $200,000. Today, it's probably averaging out twice as much as that. And that's just the extortion demand. That's not the associated costs you incur because of the breach; the IT forensics, the attorney firms, the credit monitoring and ID restoration," Putnam said.
Mark Friedlander with the Insurance Information Institute said when it's time for renewal, many policyholders will see double-digit premium increases.
Friedlander said that coverage will be increasingly difficult to attain for policyholders who fail to demonstrate property cybersecurity protocols or have experienced previous cyber incidents. He said the most common categories of cyberattack included malware, ransomware attacks, phishing/smishing attack, and password attacks.
That's why you are likely seeing your employer require more cyber training, multi-factor authentication, even pop quizzes testing your ability to dodge a bad click.
Putnam said he's seen a dramatic increase in the underwriting diligence and evaluation of clients.
"What was acceptable 12 months ago, is no longer acceptable," Putnam said.
Friedlander said the Insurance Information Institute recommends business owners follow these seven steps to become more resilient to cyber threats:
- Understand your cyber risks. Businesses are vulnerable to cyberattacks through hacking, phishing, malware and other methods.
- Train staff. Those engaged in cyberattacks find a point of entry into a business’ systems and network. A business’ exposure can be reduced by having and enforcing a computer password policy for its employees.
- Keep software updated. Businesses should routinely check and upgrade the major software they use.
- Create back-up files and store offsite. A business’ files should be backed up either as an external hard drive or on a separate cloud account. Taking these steps are vital to data recovery and the prevention of ransomware. Ransomware is when a cyberattack results in a situation where a business is asked to pay a fee to regain access to its own data.
- Ensure systems have appropriate firewall and antivirus technology. A business should evaluate the security settings on its software, browser and email programs.
- Establish a data breach plan. A business should remind its employees to review periodically the data breach detection tools installed onto their computers. If a data breach occurs, employees must notify the business immediately to prevent further loss.
- Protect your business with insurance coverage designed to address cyber risks. Cyber insurance coverage typically provides protection for costs associated with data breaches and ransomware.