Why Cyber Insurance Costs are Rising (& How to Get Your Money’s Worth)
Are you paying for your cyber insurance and seeing costs rise each year?
You’re not the only one.
As a managed service security provider (MSSP), many of our clients at Intelligent Technical Solutions (ITS) have asked if cyber insurance is still worth investing in despite the rising costs. (Short answer: Yes. Yes, it is.) And while we strongly recommend all our clients have cyber insurance policies in conjunction with our services, it’s worth knowing why these prices are rising and how you can get the most out of your cyber insurance policy.
By the end of this article, you’ll have a clear understanding of the fluctuating costs and what you can do to keep the price point reasonable for your business.
Read: “Does My Company Need Cyber Insurance?”
Top Reasons Behind Rising Cyber Insurance Prices
Cyber insurance requires a high level of technical expertise and insider knowledge. Andy Liverman Anderson, Datastream CEO, shared his insight about the rising costs of cyber insurance. According to Anderson, there are two main factors affecting your cyber insurance premiums:
1. Higher rate of cyber attacks
Cyber insurance costs are rising across the board mainly because of the unprecedented cyber security risk in the current tech environment.
The gap between cybersecurity technology and cybercriminal technology has never been as small as now. It’s become so prevalent that criminals are even setting up products to cater to other criminals, such as Ransomware as a Service.
And while more attacks are happening, the cost of recovering from these attacks goes up too.
This is particularly from ransomware-based activity. According to Anderson, “you either pay the ransom, or the business goes down.”
Companies end up losing data, time, potential revenue, and customer trust during cyber attacks, and these lapses can cost millions of dollars even for small organizations—dollars that cyber insurance companies are expected to cover.
2. Increase in company value
The second reason cyber insurance costs go up is an increase in company value and revenue. And while more money is a great thing, a valuable cyber insurance policy includes coverage for business interruption. So, if you generate $100,000 every day but stop operations for ten days due to a cyberattack, your insurance company pays a total of $1,000,000. That’s payment for each day lost.
Therefore: a higher possible payout equals higher premiums.
How to Get the Most Out of Your Cyber Insurance
No one wants to feel like they’re underutilizing or overpaying for a service. When it comes to insurance, how do you ensure the best bang for your buck?
1. Look for the price per dollar of coverage.
If you find a cyber insurance policy with a low sticker price, don’t immediately celebrate.
“The lowest price is not always the best value,” Anderson warned. “Look for the price per dollar of coverage you’re securing instead.”
Always compare how much coverage you’re really getting vs. the rate you’re paying.
He claimed that very low-cost policies equal equivalently low coverage. Ensuring you read the fine print is essential, as you may be throwing money away on a plan that can’t cover all your needs.
One thing that makes low-cost policies seem more attractive is a high top-limit price—but includes sub-limits. Anderson pointed out, “You can have a $1,000,000 policy but be sublimated at a $50,000 ransomware coverage. Then if you have a ransomware event, [insurance] would only cover a $50,000 ransom.”
“If you’re a $12 million organization, a [ransomware] event may cost you several million. So, if you only had $50,000 worth of coverage, you’re basically gonna be on the hook for covering that difference, right? Because the insurance is not adequate.”
2. Work with experts.
It might go without saying to choose your cyber insurance provider wisely, but the importance of choosing the right partner can’t be understated.
“You want to work with someone who really understands the space, understands the coverage, and makes sure that you’re getting the best coverage for the price,” Anderson said.
3. View cyber insurance as part of a holistic cyber risk program.
The last piece of advice Anderson offers is to view cyber insurance as part of a comprehensive cyber risk program. Companies don’t need the most complex plans, as long as they have strong fundamental cybersecurity.
Cybersecurity specialists think about protection holistically, as the main goal is to reduce the risk and severity of any security events.
To get the most out of cyber insurance, business owners need to think this way too.
Like a three-legged stool, you need to mitigate security risk with a thorough evaluation of your tools and technology, compliance with processes, and cyber insurance.
Anderson encouraged company leaders and IT department heads to take an hour to sit down and think about the basics of their cybersecurity.
Some of the fundamental questions to ask are:
- Do you have the right security technology and controls in place?
- Do you have the right legal and logistic components for cybersecurity?
- Do you have a good incident response plan?
- Have you done a business impact assessment or cybersecurity assessment?
"You put yourself in a much better position,” he said, “in the case of an event. Events that go badly tend to happen in organizations that think, ‘This is never going to happen to me,’ and then end up having to deal with events like a surprise fire drill. And that’s painful.”
Ready to Get a Holistic Cybersecurity Plan?
All in all, managing your insurance costs is a balancing act between your company revenue and the current state of cybersecurity. Taking a holistic approach to cybersecurity is the best way to get the most out of your cyber insurance.
ITS and insurance providers like Datastream are constantly doing their best to guide companies toward the best cybersecurity path.
If you’re ready to prevent cyber breaches from happening and to make sure that you are practicing proper regulatory compliance to avoid any premium increases in future years, start by getting your network checked with a free cybersecurity assessment. If you’re still on the fence, continue your reading on this topic by going through the 5 Things to Check to Get Cyber Insurance Approval.