As many businesses across the produce industry have learned, cyber insurance premiums are soaring, with some estimates of increases of 50% or more, according to infosec experts and vendors.
In 2020, the National Association of Insurance Commissioners (NAIC) reported a cybersecurity insurance market increase of 29.1% over the previous year, highlighting the growing risk of cyberattacks.
Payouts are costly, which is driving a significant climb in premiums and, in some cases, all-out rejections from coverage. Here, we explore five trends around cyber insurance to watch.
Premiums are getting more expensive.
As with the difficulty of buying fire protection in states like California, where wildfires have been prevalent the last few years, cyber insurance is now more expensive because of the uptick in claims.
Between 2016 and 2020, the average cost to the insurer for a cyber incident for small and medium business (SMBs) is $145,000, according to NetDiligence’s Cyber Claims Study 2021 Report. For larger companies, that increases to $10 million. More claims mean steeper costs. Q4 2021 saw increases of up to 89%.
Insurers are putting more emphasis on risk management.
2020 was a tipping point as claims boomed. As a result of the almost instantaneous work-from-home shift, risk increased exponentially. Normally the shift is a journey where a business sets up protocols and best practices for protecting the organization remotely, but because of a lot of rushing and pivoting, the risk of cyber threats increases.
In response to this, carriers realize that they need to work with businesses that engage in cyber risk management, including things like:
• Enabling multi-factor authentication (MFA)
• Having backups available
• Creating an incident response plan
• Patching systems regularly
• Engaging in regular cybersecurity training for employees
This is also having a significant effect on renewals, with new risk management best practices that need to be met to qualify.
There’s an increasing focus on your weakest vendor.
While the common language in vendor agreements hasn’t adjusted for new cybersecurity risks, you may be liable for failures to protect data. Your business can take many approaches to solidifying its technology security, but when a vendor has access to critical business information and doesn’t follow the same stringent security protocols, you may still be at risk.
Cyber insurance policies are beginning to look at who has access to your network and how that information is protected, so it’s critical to know what your vendor’s true exposure is.
More options are available, such as captive insurance programs.
One trend emerging to help businesses gain cyber insurance coverage is leveraging a captive insurance program, which is a company used to insure a wide range of risks.
The pros? The ability to tailor coverage for hard-to-insure or emerging risks (cyberattacks included), flexibility for managing risk, ability to apply alternative strategies to deal with insurance market cycles, and more.
The cons? The starting cost for a captive can be prohibitive (and so can the exit), you may miss the benefits of a traditional insurance agency, and your own capital may be at risk.
Cybercriminals are getting smarter.
While there is a fair number of criminals that launch a multitude of attacks to try and gain access to your network, there are many that are becoming smarter at their scams.
For example, they may target a new front desk person by emailing them with a phishing attack under the guise of an onboarding training. As individuals, we must be aware of the world around us, follow proper procedures, and work to reduce the risk we pose to the organization through increasingly complex attacks.
There’s a need across multiple industries – including fresh produce and agriculture – to build good cyber resilience. You can have great protocols in place, but if your employees aren’t using best practices to thwart would-be attacks, it doesn’t matter.
The bottom line is: a cyber insurer’s requests are closely aligned with cybersecurity industry standards. Being proactive can help change the trajectory of your business and make you a better candidate for cyber insurance.