Over the past decade, the world's awareness of cybersecurity threats and vulnerabilities has grown dramatically. These years have shifted society into a primarily digital one, where business, social, and financial matters are typically handled through some form of online platform. In the past two years alone, due to the pandemic, the few areas of life that remained physical have become primarily digital as well. A report by Purplesec for 2021 claimed that cybercrime has increased 600% since the start of the pandemic. While insurance agencies and those prone to threats have had a keen awareness of the rising risk, the government is also stepping up and claiming some responsibility for protecting the general public.
Is Cyber Insurance Worth the Investment?
Cyberattacks have become a top threat to businesses both big and small in the last decade. Social engineering schemes, malware, and ransomware have all seen a significant uptick, especially since the start of the pandemic. According to the Identity Theft Resource Center, 2021 has already hit a record high for cyberattacks, exceeding the total amount in 2020 by more than 17%. So, with cyber threats (and the cost to mitigate them) skyrocketing, it's time to consider investing in Cyber Insurance to protect your business.
Small businesses face an increased risk of cyberattack. More and more cyber claims stem from small businesses, and small businesses make up an increasing share of the total losses caused by cyberattacks. As this threat evolves, small businesses can no longer ignore their cyber risks without facing disastrous consequences.
On July 15, 2020, a number of high-profile, verified Twitter accounts were hacked. The goal seemed to be to push a double-your-money scam using Bitcoin. Some estimate that the hackers were able to net $100,000 in the cryptocurrency in a matter of minutes. These kinds of scams have always been prevalent on social media platforms, but never have so many notable accounts been taken over at once.
What does this mean for businesses that use Social Media, including Twitter, as a channel for promotion and outreach?
Given the relative newness of cyber insurance policies, comparatively little case law exists interpreting these policies in the context of claims. Courts have sometimes struggled with how to interpret unique policy provisions in the context of variations of computer fraud. While some courts have taken highly technical approaches to the language contained in the policy, other courts have taken a more relaxed approach based on the understanding of the parties. A recent case out of the Eleventh Circuit Court of Appeals highlights these issues. Principle Solutions Group, LLC v. Ironshore Indemnity, Inc. tackled a claim dispute between an insured business and an insurance company involving a cyber claim.
Companies without cyber insurance can find themselves in difficult situations. As more and more vital business functions migrate to electronic systems, companies without cyber insurance have to try to find coverage for any damage to their systems through traditional insurance policies. That approach can work depending on the specifics of a policy and a claim, but it might lead to additional legal costs fighting with the insurance company.
Ransomware attacks have increased in frequency over the past few years. They now rank as the second most frequent type of claim against cyber insurance policies. Experts estimate that a new business is hit with a ransomware attack every fourteen seconds. For 2019, early information is showing that the frequency of ransomware attacks may be decreasing. This seemingly positive trend comes with two significant drawbacks, however.
In the event of a cybersecurity breach, any company with a cyber insurance policy should contact their carrier as soon as possible. One of the first steps the cyber insurance carrier will take is to hire a forensics company to investigate the breach. Digital forensics is one of the more expensive aspects of most cyber claims, with costs typically ranging from $20,000 to $50,000.
There are recognized patterns of higher risk. For example, hurricanes and earthquakes do catastrophic damage to a specific geographic area. These natural disasters pose unique risks to insurance companies as a result of that history. If an insurance company insures a lot of this type of risk, it can face massive losses and have its financial stability threatened. For this reason, insurance companies try to avoid insuring too many homes or businesses (for this example) in an area at risk for hurricane or earthquake damage. While this helps keep insurance companies financially sound, it can make coverage harder to obtain for those who need it most.
The problem of Social Engineering techniques called Phishing, Whaling, Spear Phishing, Pharming, or Impersonation Fraud has become significant and widespread in recent years. The insurance industry has made efforts to keep these risks in mind for cyber liability policies. Sometimes there is language added that will protect a company, but sometimes communication is added to a basic policy that would not protect a business against these specific risks.