The emergence of cyber attacks as a major cause of business losses has prompted the insurance industry to adapt, and cyber insurance is now offered by a number of companies to mitigate the financial impact of a cybersecurity breach. But the rapid increase in the number and size of cyberattacks and ransomware demands has put pressure on the cyber insurance industry, prompting changes that affect the pricing and availability of cyber insurance plans.
Chicago-based Fitch Ratings reported in April that insurance companies that provide coverage for cybersecurity incidents saw "substantially higher segment claims losses in 2020 than in prior years." As a result, the cost of cyber insurance plans has gone up, jumping by more than 22 percent last year; client businesses paid an additional $2.7 billion in premiums. Despite this, the analytics firm says that the number of standalone and packaged cyber coverage policies grew even faster, up by 29 percent in 2020. "Demand is driven by the need for risk management expertise and insurance protection by firms of all sizes due to incidence of network intrusions, data theft and ransomware incidents that have increased substantially in the last two years," Fitch Ratings writes.
SEE ALSO: Cyber Insurance Rates Rise as Cases Grow
On the flip side, the insurance industry is clearly facing increased exposure, making the business riskier for providers. "A large unforeseen cyber event, such as a massive cloud intrusion or attack on infrastructure, could result in substantial individual incurred losses," Fitch Ratings says. In fact, in 2020, the direct loss ratio—the percentage of an insurance company's income that it pays for claims —spiked to 73 percent, the highest level recorded. As a result, some insurance companies are tapping out. One of Europe's biggest insurance companies, AXA, announced last month that it would stop reimbursing clients for ransoms they pay to hackers. Perhaps not surprisingly, AXA was hit with a ransomware attack a few days later.
While there are myriad costs associated with a cybersecurity incident, ransomware brings with it a specific demand for money. Ransom demands are rising fast, averaging $312,493 in 2020 but peaking at $30 million. And last year, ransomware accounted for 40 percent of all cyber insurance claims. It's no surprise, then, that AXA decided to stop reimbursing the ransoms that businesses pay to try to recover their data. Indeed, many cybersecurity experts believe that paying a ransom only fuels the ransomware epidemic. Some lawmakers have even proposed making the payment of ransoms illegal.
SEE ALSO: To Pay or Not Pay for Stolen Data
While cybersecurity insurance policies are becoming increasingly popular, we're seeing the space contract as the number and scale of attacks make it difficult for insurance providers to service policyholders. When it comes to protecting your computer systems and data from hackers, we recommend investing first and foremost in prevention. Because employees are the weakest link in any security plan, cybersecurity training for employees is a must. Technology has a big part to play as well, via a robust email security program that provides email encryption.
Paubox Email Suite Plus solves many security challenges at once. It provides seamless encryption using the latest industry standards to deliver HIPAA compliant email directly to your patients inboxes. At the same time, innovations like ExecProtect mitigate display name spoofing attacks, and Zero Trust Email requires an additional piece of evidence to authenticate every single email before being delivered to your team’s inboxes.