The cyber insurance market is hardening and becoming more mature as years pass and the market shifts and accommodates to new trends and data points. This means companies who are considering purchasing cyber insurance will need to keep up with a changing market and adapt.
Recent developments are affecting cyber insurance pricing, requirements organizations need to meet, and the cybersecurity technology and solutions that can impact the cost of cyber insurance for an organization.
We’ll show you what you need to know about recent cyber insurance trends and shifts, and how XDR, advanced detection and response tools, and MDR services can play a part in order to better enable you to intelligently procure cyber insurance.
A quick overview of cyber insurance
In a nutshell, cyber insurance is a service that can help offset some of the costs associated with a data breach or cybersecurity compromise. A data breach or compromise can be costly and not just because of the data lost or compromised. Depending on the severity of the compromise, a company can incur major costs associated with:
- Investigation: A company may have to bring in third-parties and a forensic investigator
- Response: An organization’s incident response requires funding and resource allocation
- Remediation: Remediation efforts and post-recovery costs such as providing affected individuals with identity theft protection are all done at the cost of a company.
This is why a data breach, on average, cost $4.24M in 2020.
However, cyber insurance is designed to offset many of the costs listed above at an incredibly low price compared to what a data breach often costs the average company. While costs usually scale up depending on an organization’s size, small businesses are those likely to benefit most from cyber insurance; the cost of cyber insurance is likely to be low and they have few resources to manage the costs of a breach.
As a general rule, we believe most, if not all, organizations can benefit from having cyber insurance for a number of reasons, the financial benefits alone being a good reason.
Recent developments in cyber insurance
The cyber insurance industry, for the most part, has been nascent, to the benefit of buyers. Underwriters, traditionally, have struggled to accurately quantify cyber risk. But in recent years, we’re seeing signs of the market hardening.
Increased compromises are leading to higher premiums
Cyber insurance costs are going up as a response to a higher frequency in cybersecurity compromises, data breaches, and ransomware. Ransomware payouts have been a particularly sore subject for cyber insurance providers. Last year’s accumulated ransomware payouts surpassed the previous 10 combined.
Ransomware is complicating cyber insurance payouts
Even with higher premiums, cyber insurance companies are facing huge losses as a result of ransomware payouts. This may be why ransomware may not even be covered by cyber insurance in the future. There’s precedence for that as, depending on who carried out the attack, a ransomware compromise could be classified as an act of war, which is not covered by cyber insurance.
Companies need to meet cyber insurer requirements
In order to better safeguard themselves, cyber insurers now have requirements companies must meet before they can be covered, making cyber insurance harder to purchase. The requirements vary by cyber insurance companies but here are some of the most common ones.
- MFA/2FA: Multi-factor authentication or two-factor authentication is one of the more effective ways to prevent automated attacks from compromising accounts.
- Firewall: This is a fairly easy solution to implement that reduces the risk of your network being exposed too easily.
- AV/Malware detection: An antivirus tool can help prevent and stop malware or other forms of malicious code or software from making its way into your environment.
- EDR: Endpoint detection and response (EDR) tools can help organizations detect anomalous behavior, unauthorized entry, allowing the company to react quickly and minimize the damage done by a potential compromise.
Investment in cybersecurity can reduce premiums
Cyber insurers are also incentivizing companies to further bolster and invest in their cybersecurity posture by offering discounts on insurance costs. This is a good opportunity for organizations to reap multiple rewards by investing in solutions and technologies that are quickly becoming necessary in a threat-filled environment.
While the discounts vary as well as what triggers discounts, organizations should look for detection and response solutions, endpoint protection solutions, ransomware protection, and additional asset and network monitoring tools.
How organizations can procure cyber insurance
For organizations looking to procure cyber insurance, we recommend the following:
Make sure you qualify: If you don’t have an antivirus, firewall, or implemented MFA/2FA across your organization, start there. As you start the research process, make sure you meet all the requirements a cyber insurer lists.
Consider an XDR solution: An extended detection and response (XDR) is a cloud-first EDR that provides similar detection and response services as an EDR but also incorporates telemetry and network information that provides a stronger overall picture of an organization’s security posture. In addition to bolstering an organization’s security, this may also reduce the monthly cost of cyber insurance.
MDR solutions can help with cyber insurance: Organizations can now partner with vendors who offer managed detection and response services (MDR). MDR solutions vary by company but commonly provide 24/7 cybersecurity support, give access to a SOC (security operations center), and engage in proactive threat hunting and threat intel to stop attacks and react quickly in the face of a compromise.
Many MDR providers incorporate technology and solutions as part of their service offering and are now offering cyber insurance as part of their service. This is a much more hands off approach to obtaining cyber insurance and can save leaders time and effort in choosing the right cyber insurer and making sure their organization is well equipped for it.
To learn more about cyber insurance strategies and requirements, register for the upcoming Cyber Insurance 101 webinar, brought to you by the Bitdefender MDR team, on March 17, 2022.
If you’d like to explore whether managed detection and response (MDR) services are a good fit for you, check out Bitdefender’s MDR page here.