The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases.
Some clients of the law firm Akin Gump Strauss Hauer & Feld LLP, for example, reported a three-fold increase in insurance rates, and carriers have made “a huge pullback” on coverage limits in the past two years. The firm’s cybersecurity practice co-head, Michelle Reed, adds, “The reduced coverage amount can no longer shield policyholders from cyber losses. A $10 million policy can end up with a $150,000 limit on cyber frauds.”
The cyber-insurance situation is so concerning that the U.S. Treasury Department recently issued a request for public input on a potential federal cyber-insurance response program. This request is in addition to the assessment led jointly by the Federal Insurance Office (FIO) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to determine “the extent to which risks to critical infrastructure from catastrophic cyber incidents and potential financial exposures warrant a federal insurance response.”
This is a direct result of how the nature of cyber-attacks has evolved, mirroring the evolution of digital environments and the way cryptocurrency facilitates crime. On the cybercriminal side, DIY malware kits and Malware-as-a-Service platforms have removed the barrier to entry for cybercrime and made launching complex attacks affordable for wannabe criminals who lack tech-savviness.
Cyber insurance policies used to cover only business interruption, data recovery, and infrastructure damage. Today, they are also expected to cover cyber extortion costs, reputational risks, non-compliance fines, and third-party liability risks, a growing field as interconnectivity between organizations keeps expanding.