• JIT Access
        • Self Service Secure Passwordless Authentication

        • JIT Policies
        • Effective Access Policy Control for your entire organization

        • PAM
        • Simplified Privileged Access Management for the cloud and onPrem

        • JIT Approvals
        • Secure Custom Non Repudiation Approvals Management

        • Healthcare
        • Learn how to completely secure the Healthcare environment.

        • Legacy Devices
        • Learn how to leverage our JIT platform to secure your legacy and IOT devices.

        • Vulnerability Mitigation
        • Discover how using JIT Access and PAM can prevent a variety of CVE’s and attacks.

        • Compliance
        • Learn more about how our audit and compliance tools can help you maintain compliance.

        • Passwordless
        • Going passwordless doesn’t have to be hard. Find out how we can get you up and running fast.

        • Protecting Users with Intent
        • Upgrade your security, reduce costs and empower your users by capturing intent.

Cyber insurance claims rose by 200% – will cyber attacks keep premiums skyrocketing?

Ransomware extortion is sharply on the rise, and it’s causing cyber insurance to cost more and cover less.

The cybersecurity world has run into a massive problem in the last few years with cyber insurance, which is designed to reimburse the cost of cyber attacks and system interruptions caused by covered triggers.

What happens when the landscape changes and cyber insurance minimums like MFA aren’t enough to get a policy for coverage or claims payouts? 

During COVID-19, the landscape changed drastically. Ransomware attacks unexpectedly increased by 72%, shaking up the cyber insurance industry. With cybersecurity attacks on the rise, the cyber insurance industry is poised to quickly evolve to mitigate risk. Between denied claims once covered to increased minimums for new policy coverage, businesses need to update and extend their protection or risk of qualifying for cyber insurance. 

Without cyber insurance protection, can any business afford to cover the $14+billion in losses in the last year on their own?

Let’s take a deeper look at the state of the cyber insurance industry and the impact recent, continued cyber attacks are having on claim denials and innovation in the space.

ransomware on computer

The state of cyber insurance claims

One study revealed that cyber attacks have increased by 100% in the last three years. Plus, claims that were paid out to policyholders increased by 200%. As you can imagine, this has sharply decreased margins for cyber insurance companies, despite direct written premiums growing 74% in 2021 to over $4.8 billion.

Ransomware is a type of malware hackers use to block access to critical information or obtain sensitive data, threatening to release it unless paid. It’s used to extort companies that fork over cash to protect their stolen information.

Description of ransomeware

As these attacks dramatically increased, so did the price of extortion payouts. In the first half of 2021, the average ransomware payout increased 82% to a whopping $570,000. Unsurprisingly, cyber insurers have more than doubled the cost of premiums while simultaneously decreasing coverage. And premiums are poised to increase even more in 2023.

Cyber attacks squeeze insurance providers

Because of the explosion of cyber attacks and increasing payout costs, policyholders and the providers themselves are getting hit. Even if a company is reimbursed for the cost of an attack, its insurance options are dwindling.

Hackers are squeezing too much money out of people for the status quo to remain as it has been. This means that policy changes are coming almost as fast as cyber attacks. And companies are getting the short end of the stick on both sides.

Another concern cropping up for cyber insurance providers is centralization risk. Because so many companies rely on a few large providers for cloud services or mobile operating systems, if one were to experience a severe breach, the damage to its thousands of customers would be incalculable. 

All of these factors are prompting insurers to make policy changes such as:

  • Acts of war cannot be covered

  • Insured companies must use MFA

  • Certain employee training requirements must be met

  • System monitoring standards must be met

  • Proof of security controls must be provided

  • Attacks must be disclosed to providers 

Not only are more rigorous requirements placed on companies that want insurance, the types of claims that can be filed are more specific than they used to be. Ransomware, for example, is now its own trigger category. And different levels of coverage are needed for IT system interruption, partner system interruption, and total business interruption.

Computer code that has been hacked

Insurance isn’t cybersecurity

In the past, it was possible to fall into the trap of believing that if there was a gap in your company’s security, insurance would make up for it. That was never the most prudent attitude to have, but today it’s downright dangerous to have any form of cybersecurity theater. Assuming cyber insurance will be a failsafe against cyber attacks is asking for trouble.

Firstly, it’s an increasingly expensive way to strategize. With premiums skyrocketing, you only want the policies that your company needs. Don’t think you’ll have blanket coverage for any attack you couldn’t prevent yourself.

Your company could spend more money in court if you don't have a good insurance policy

Another reason it’s dangerous to think of insurance as a stopgap is that it can end in costly litigation. If your policy doesn’t cover what you hope it will, or if the language requires interpretation, your company could spend more money in court than it would have on preventative cybersecurity measures.

Even if you believe your systems are secure, there’s the possibility of supply chain attacks through third-party vulnerabilities. Assuming insurance will cover these instead of doing due diligence on vendors is a mistake that can cost money, sensitive information, and brand reputation.

digital umbrella

Ways to avoid claim denial

Since cyber insurance is getting more expensive and more specific in its policy coverage, there’s an increasing danger of having a claim rejected. That means you’ll get hit twice by losing both the cost of the attack and getting a denial for your insurance claim. 

If your company is breached, here are some ways to avoid having your claim denied:

  • Perform and document regular system updates and security checks
  • Make sure employees are educated on social engineering risks

  • Thoroughly document existing prevention measures

  • Understand and review the terms of your cyber insurance policy

  • Consider the language used in the policy that might need interpretation

  • Review all limits, sublimits, deductibles, and time deductibles on the policy

With more financial stress on cyber insurance providers and claims increasing alongside cyber attacks, Insurers are not inclined to pay for anything they don’t have to. It’s your responsibility to make sure you identify what coverage you need and understand the policy details.

Cybersecurity is becoming more important, not less

Protecting against cyber attacks is a round-the-clock task. Technological advancement is happening so fast that even those in the trenches have difficulty keeping up. That’s why cybersecurity for companies of all sizes is becoming more critical by the day.

The cyber insurance industry is running as fast as it can to keep up with threat actors, but right now, none of us are certain it’s going to be enough. Is your company prepared?

Scroll to Top