The Need-To-Know on Cybersecurity and Cyber Liability Insurance in 2022
According to the Identity Theft Resource Center (ITRC), 2021 broke the record for number of reported hacks and data breaches in a calendar year. High-profile attacks such as the SolarWinds hack, the Colonial Pipeline outage, and the CNA Financial ransomware attack are evidence that risk management policies and compliance are more vital than ever.
Common cyber threats to look out for:
- Ransomware – Ransomware attacks encrypt a device’s data, allowing hackers to hold it for ransom until the organization pays for its release. Even when paid, they rarely release it.
- Phishing – Phishing is the practice of sending emails with links and attachments that appear to come from a reputable source but are actually malicious. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine.
Ransomware and supply chain attacks are becoming more common, and businesses must protect themselves by implementing risk management policies that can address modern threats. The consequences of non-compliance are ever-increasing, and there is no more room for excuses. Businesses must have a comprehensive cybersecurity strategy in place and make sure that all employees are engaged and compliant.
As attacks have become more widespread, so too has the demand for cyber liability insurance. For many, cyber insurance is already a necessary condition for the continuation of their overall coverage. Insurers have started demanding that companies increase efforts to decrease risk, even refusing coverage to non-adopters. As underwriters develop a better understanding of cyberthreats, their demands for coverage will increase. Large-scale cyber attacks have left companies “uninsurable,” interrupted services, and resulted in significant losses. Companies should anticipate a higher level of responsibility in risk assessment and reduction for 2022.
To get cyber insurance coverage, organizations must demonstrate to their insurer that they have adequate cybersecurity protocols in place. Businesses are now expected to implement:
- Multi-Factor Authentication (MFA)
- Endpoint Detection and Response (EDR) – AI-based anti-virus
- Automated patch management programs – Automated Windows and third-party bug fixes and patches
- Encrypted data backups – Automated cloud backup software
- Staff awareness training on phishing emails provided by cyber insurance underwriters
Most insurance companies now allocate as much as 10% of their overall IT budgets to cybersecurity.