In 2020, one of the largest data breaches in history was perpetrated against several companies and government agencies, including the network management software firm SolarWinds. Around 18,000 SolarWinds customers were affected. It was a major and long-running attack, and the full impact is still being sorted out.
Cybercrime is exploding, and it’s one of the top risks faced by business owners today. In the first half of 2019 alone, more than 4.1 billion company records were exposed, according to the 2019 Data Breach QuickView Report by Risk Based Security. And since the Covid pandemic began, cyberattacks have increased by almost 400 percent, with 68 percent of companies reporting an increase in fraud, according to the FBI.
The SolarWinds Impact on Cyber Insurers
The SolarWinds attack was a disaster from a national security standpoint. But the insurance industry appears to have dodged a potentially very expensive bullet. Insured losses are estimated at $90 million according to a joint financial analysis by BitSight, a security ratings firm, and Kovrr, a leader in data-driven cyber risk modeling. Not a small event, but it could have been so much more catastrophic.
Still, the SolarWinds attack and other large cyberattacks in recent years are having a decided effect on the insurance industry and, in turn, on cyber insurance rates and coverage for business owners. And the threats continue to evolve.
Not only is the threat on the rise, but cyber criminals’ targets are also evolving. Not long ago, large corporations were the preferred target of ransomware and other data breaches by malicious hackers. In 2014, large retailers such as Target, Neiman Marcus, and Home Depot were hit hard. In 2015, it was large healthcare providers such as Premera Blue Cross and Anthem.
In response, large organizations started beefing up their cybersecurity infrastructure and became harder targets. So today, hackers have turned their attention to smaller, less well-protected companies. And the threats go beyond data risks. Like large corporations, mid-sized and smaller businesses are also at risk of major business disruption and of losing the ability to earn an income and operate successfully.
Today, businesses of all sizes should have cyber insurance. Ransomware attacks are skyrocketing and many demands (even for small businesses) start at $1 million. Can you imagine having to pay that much to regain access to your own systems? Can you imagine having to negotiate and set up a cryptocurrency account to pay the ransom without an experienced insurer advocating for you? It’s not a scenario you want to be part of.
What’s in Store for Employers?
Cyber risks are evolving so rapidly that the insurance industry is scrambling to keep up. In short, the industry is experiencing growing pains that will affect employers in many ways, including the following:
- Insurers are changing how they underwrite policies and may be less forgiving about lax cybersecurity measures.
- Pricing is constantly changing as cyber risk policies adapt to rapidly evolving risks.
- Insurer appetite for risk is changing, and the “right fit” with a cyber insurance company will vary depending on your industry, company size, location, and unique risks.
- The policy application process will vary greatly by market and size of the risk. Some applications will have only a few questions, while others may have 100 and require a consult with a third-party risk assessment firm.
- Insureds will likely see a wide variety of forms, significant pricing differences, and new risk management services included in cyber
At the end of the day, insurers want their clients to be proactive about cybersecurity. That requires more than technology. It means being aware of the risks and how to manage them. And insurance should be an integral part of your cybersecurity plan, but never your sole safety net. Employing rigorous defensive measures and practicing good cyber hygiene is an essential first step.