Subscribe   |   Contact   |   Client Portal

Insurers are Reducing or Dropping Ransomware Coverage | Most Companies Lack a Solid Security Plan

With cyber threats on the rise, now more than ever is the time to implement the best security protocols you can get your hands on.  Why?  Not only did ransom payouts exceed $500 Million in 2021, insurers are reducing their coverage amounts, requiring even more risk management and even dropping ransomware coverages altogether. 

Today’s digital landscape is evolving faster than the wild west and the great land race of 1893.  This enthusiasm of technology and online services has allowed for a flood of security breaches that are usually executed when something as simple as an unknowing employee opens an email and let’s the hackers in.  For this reason, and this reason alone, it is vital to implement solid security measures, educate your employees and yourself on the latest security practices so as to avoid such instances as much as possible.  

According to Financial Magazine, Insurers are wary of providing ransomware coverage as the increased sophistication of the hacks could mean access to data that provides whether or not that business has an insurance policy.  If they do, the hackers may feel as though a payout, or larger payout, would or may be guaranteed.  This makes insurance companies very nervous and in turn, has resulted in over ½ of them dropping their ransomware coverage payout amounts by more than 50%.  

Online business is pretty much how it’s done today and stopping all online communications and transactions is just not a feasible option for companies.  Even local businesses thrive and survive from their online presence.  FM-Magazine goes on to say that, “Lloyd’s of London, which has around a fifth of the global cyber market, has discouraged its 100-odd syndicate members from taking on cyber business next year.”  Now we all know that disengaging from doing business online will not happen but what is happening is businesses are getting smarter with how they collect, hold and transfer their data and finances.

Industries are becoming more aware of the cyber threats that are facing them from day to day.  All the while hackers are getting smarter.  Not even 5 years ago, most hacking attempts were focused only on scattered targets but not  anymore.  Nowadays, they’re looking for data to let them know if you have an insurance policy, access to 3rd party servers or vendors, and go so far as to read company finance reports to measure their ransom price vs taking a stab in the dark.  It has become increasingly invasive and this is in large the reason for companies like AXA to drop ransomware coverage, says  

So what should you do to help prevent yourself from being a soft target to hardened criminals?  Start by keeping your information as private as you can and definitely do not disclose your insurance status.  Scott Sayce, head of cyber security for Allianz Global Corporate & Specialty, says “We advocate to everyone you don’t disclose your insurance because that’s crucial to your business.”  And for good reason too.  The costs that result from such an incident are nothing short of horrifying.  Everything from the resources used to solve the hack or handle the issue, to the costs of rebuilding your systems, resecurring your systems, employing new security personnel or protocols and then of course, the insurance premiums going up… the nightmares are endless so what does this tell you?  Preventative maintenance to your system before any cyber attacks or threats arise is most likely your best angle of attack. 

It’s 2022 and we’ve had quite a timeline of cyber activity over these past few years.  Thanks to the ever evolving crypto market, cyber attacks have been able to isolate and shutdown systems followed by untraceable payment options.  The playing field has certainly changed, is your company protected well enough for its future?

So let’s say your company suddenly detects that there has been a security breach.  First things first, what happened?  Was there money stolen?  Data taken?  After looking into the details of the situation you’ll most likely want to know who executed the security breach, what was taken, changed, or reconstructed and how to track them down.  News flash, most tracing operations take about 6 months to locate and source the perpetrators that hacked your systems and stole your property. (ZD Net)  So if you’re not prepared, or at least trying to be, then you’re not doing enough to protect your business from attacks.

Keeping up to date with cyber security measures is a full time task and deserves the focus of a dedicated individual or individual service provider.  Did you know that you have a good chance of being more vulnerable with multiple security providers?  Coordinating an array of outside party security services has it’s disadvantages.  According to Cisco, about ½ of the cyber risks most companies face is by commingling cybersecurity service providers.  Having one single provider for all of your security needs, isolates issues faster and leaves your company less vulnerable to cyber breaches.  Especially through IoT devices.  Which brings me to my next point, do you know what IoT devices are?

According to SimpliLearn, “IoT devices are hardware devices, such as sensors, gadgets, appliances and other machines that collect and exchange data over the Internet.”  That’s right, in case you were wondering, your Alexa can give access to your system and so can your smart fridge.  It’s kind of scary to think about it but our desire for convenience has opened the door to data being stored, shared and used in ways most can’t imagine.  You and your coworkers just wanted a new fridge but even back in 2014, NBC News reported that security firm Proofpoint had, “uncovered a cyberattack that involved the hacking of “smart” home appliances connected to the Internet. Hackers broke into more than 100,000 gadgets — including TVs, multimedia centers, routers, and at least one fridge – and used the appliances to send out more than 750,000 malicious emails.”

With such vulnerabilities available for hackers and wrong doers to exploit, it makes more sense than ever to focus a portion of your company or businesses assets to securing your digital world.  Small businesses make up 43% of the cyber attacks that occur each year, says Small Business Trends.  So if you’re thinking to yourself, I’ m just a small-time local business, I’m safe, then you’re already behind.  

Cybint, a global cyber education company, says, “The global average cost of a data breach is $3.9 million across SMB’s.”  If your digital security is not up to date or in place then this statistic should get you moving in that direction.  Unless of course you have $4 million to just put aside for that rainy day.  

So in summary, it’s very important to take a look at where your company is now in regards to online security, and where it can focus its attention to improve its ability to thwart off dangers.  The Cybersecurity and Infrastructure Security Agency (CISA) has free courses available.  CISA, “works with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructures for the future.”  Free training courses are provided to the public by FedVTE, (Federal Virtual Training Center), and can be found on their website.