Cybercrime has seen a widespread increase during the COVID-19 era due to organizations and citizens being vulnerable to attacks because of the panic and uncertainty brought on by the pandemic. This spells trouble as Insurance company Hiscox reported that insured cyber losses for organizations amounted to around $1.8 billion in 2019, a 50% increase from 2018.
With a probable rise in cyberattacks during the pandemic, most organizations are looking towards getting cyber insurance, with an estimate of over $1 billion in protection. However, the cyber insurance industry is showing no signs of growth due to the likelihood that a lot of payouts will have to be made to organizations due to the increase in cyber attacks.
Removal of the safety net
If the cyber insurance industry diminishes, it also takes away an essential risk management tool for companies that are vulnerable to cyber-attacks. Problems arise even for organizations that do not have cyber insurance, such as deciding how much insurance coverage is required.
The reason this problem exists is because there is minimal data available to businesses about how costly cyberattacks are, especially if the business has not experienced a severe attack in the past. The cyber insurance industry has also not effectively provided a proper baseline for the average amount of coverage a company should get.
Early estimates suggested that approximately 20% of the global cyber insurance industry was taken up by companies that had at least $200 million in protection.
This stat shows a recurring problem for the insurance industry as attacks on a few of these companies would result in the industry being brought to its knees. As the premium increases, so does this problem, as companies with higher amounts in protection become even riskier to hold.
This data may suggest that bigger companies will invest more in cybersecurity. However, this is not the case despite 25% of the Fortune 500 companies having fallen victim to a data breach in the previous decade.
Big corporations have the resources to dedicate to their cybersecurity division, but this only provides more incentive for hackers as they feel that the prize of infiltrating the company would be much more significant.
Managing the risk
The increase in attacks coupled with the lack of growth in the cyber insurance sector means that there is likely to be a surplus of demand for cyber insurance. Thus, companies must logically evaluate the situation.
Oftentimes cyber insurance is bought so that companies don’t have to invest people and resources towards creating a robust cybersecurity system. This should never be the case, as insurance should be used to help recover from cyber-attacks rather than to neglect any responsibility.
Investing in a robust cybersecurity system, firms can improve their defenses from attacks while also understanding the financial impacts should an attack occur. This is because organizations can then understand how valuable their data is and what breaches would cost to the business. Through this, companies can also prioritize which assets are more valuable and focus cybersecurity towards protecting them.
Cybersecurity is still an issue that is taken lightly by firms. The lack of clarity and growth of the insurance industry hasn’t helped either. Thus, firms will have to carry out a risk assessment and install appropriate cybersecurity measures themselves, only relying on insurance to help recover from the financial implications caused by an attack.