(Some will pay, some won’t… please read on.)
“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”
John Chambers, former Cisco CEO
Protecting one’s data privacy has never been more critical as the COVID-19 pandemic has created dramatic changes to how we work, live, play and learn in 2020. Governments need personal health information to control the spread of the virus, and organizations need safe tools for remote working and learning. Consumers are often caught in the middle.
Most people do not trust the digital tools they need to use for remote interactions. And while some organizations had enabled remote interactions before the pandemic, many were challenged to find or develop the digital tools and scale needed to support this shift.
Not respecting data privacy can cause consumers to terminate even long-standing, important business relationships.
Cybercrime has steadily increased in recent years, as perpetrators try to benefit from vulnerable business systems. Cyber-attacks hit businesses every day. Malware, phishing, “man-in-the-middle” and “denial-of-service” attacks, SQL injections, zero-day exploits and DNS tunneling are some common types of cyber-attacks. There has also been a surge over the previous years in fraud featuring forged business e-mails, also known as business e-mail compromise.
Despite investment in cyber security being on the rise, the risk from attacks has leaped much higher in recent months.
Networking increases risks along the entire supply chain
Digital dependencies and the use of a constant range of new, networked devices and applications are on the rise. Cloud-based services and the introduction of 5G drive this trend. The new, powerful technologies permit more intensive networking and automation of machines and devices in both industry and private households. Unfortunately, these are not always adequately protected.
Overall, we are seeing a significant rise in global IT investment in cyber security. Experts estimate the figure will be approximately USD 400bn in 2025, which corresponds to a fourfold increase in the space of a decade. A portion of this will manifest itself as a demand for insurance solutions and services.
Increased demand for cyber insurance
The biggest demand for cyber insurance comes from the industries most affected by attacks: the health sector, telecoms, energy, manufacturing, IT, finance and service companies. Risk awareness of cyber losses is increasing for reasons other than media reports. Stricter requirements under tighter regulation, and undertakings required by business partners, are assisting a steady increase in demand for cyber insurance.
The range of quality cyber insurance products has also improved in recent years, with individual solutions for large enterprises predominating. Protection against business interruption and data theft remain key coverage elements. Awareness of their own exposure, which is often substantial, is also increasing at small and medium-sized enterprises.
The Truth Is
Cybersecurity insurance is a must for every business. It is therefore urgent to check on your cybersecurity insurance coverage now. The COVID-19 crisis, the worst recession in a century, and social upheavals create fertile ground for more cyber-attacks.
The cyber insurance market is young but developing quickly.
In such insurance market conditions it is best to enter early. But be alert: the wrong kind or amount of coverage could be worse than having none at all. A false sense of confidence could end up costing your business more – or cause you to lose it altogether.
Not all cyber insurance policies are created equal. Some will pay your ransomware; some won’t. Not all will pay your regulatory fines. Many won’t cover the costs of improvements after a hack that could protect you from getting hit again.
Your enterprise’s resilience — the ability to recover from a disruption within established limits for time and costs — may depend on having adequate, reliable cyber insurance to decrease your costs and time-to-recovery after a cyber-attack.
If you are a C-suite executive, you know that if your enterprise gets breached, the buck stops with you — or goes all the way up to the CEO. And the Board also has responsibility with its oversight role of management. But how can you and your teams know if the coverage you have is right for your business?
Knowing which questions to ask about cyber insurance can prevent you from making the wrong choices, while protecting your business and bottom line.
Key cyber insurance questions that every C-suite executive might (or should?) ask:
- Do we have a cyber insurance policy?
- Who owns the task of mitigating cyber risk with insurance?
- Do we have the right amount of cyber insurance?
- What does our policy cover?
- Does our insurance provider understand our industry and its risks?
- Is our policy flexible enough to adapt as our business grows?
In short: The responsibility for protecting the organization’s systems, network and assets sits at the very top: The CEO owns the risk. The role of the CISO, CIO and CRO is to make the CEO understand how much risk he or she would carry by not having adequate cyber insurance. The Board should also discuss and be comfortable with the cyber risk appetite as part of its oversight role of management’s activities.