Cybercriminals have unwittingly created an impressive, and legal, money-making opportunity – cyber insurance. The cyber insurance market is about to become huge, as experts believe companies will double their spending by 2020 to some 8 billion – 9 billion dollars, compared to last year’s average of 3.4 billion – 4 billion, Munich Re, the world’s leading German reinsurance company, recently announced.
The forecasted growth is directly linked to the ever-increasing number of Internet of Things devices, expected to reach a staggering 125 billion by 2030. IoT security is still a grey area, as too many connected devices are released on the market even though they have vulnerabilities that expose them to cyber threats. In spite of this, they are still widely integrated, not only into the day-to-day life of individuals but also into businesses and institutions, which have found ways to benefit from machine-to-machine communication.
"Increased networking of machines, and equipment in particular, can also give rise to very complex risks such as data theft, disruptions in the interaction between networked machines, and even the failure of entire production lines and supply chains," Munich Re explained. "The economic costs of large-scale cyberattacks already exceed losses caused by natural disasters. Where small and medium-sized enterprises are affected, such attacks can soon threaten their very existence. This trend will continue as more and more machines and devices are connected."
CISOs should reconsider their cyber budgets sooner rather than later and, besides deploying multi-layer security solutions, look into purchasing cyber insurance policies for their infrastructures for risk mitigation and cyber risk transfer. Enterprises have to protect themselves from targeted attacks because, considering the current climate and emerging threat landscape, they will at some point be affected by security incidents.
Cyber insurance sales are about to take off because traditional insurance policies don’t cover ransomware or DoS attacks, for example, and the industry needs to adapt to the landscape. Companies are starting to understand that they need to cover all risks -- when a cyberattack hits, they need to be ready. Ideally, a comprehensive insurance policy should include a thorough forensic investigation of the incident, and cover first-party losses and third-party claims, data breaches, hardware destruction, notification of infected parties, computer hacking, extortion, defamation, financial loss resulting from operation shutdown, sophisticated threats, data theft and malware campaigns, to help affected companies recover and get their operations back to normal.
A great example showcasing the importance of cybersecurity insurance and risk management is the recent ransomware infection of a small town in Ontario, Canada. The municipality’s computer network was infected with ransomware and all computers linked to it were shut down on September 1. Town officials said they were negotiating with the hackers and willing to pay the bitcoin ransom. However, they also had a cyber insurance policy that they took out after a neighboring town suffered a similar attack earlier in the year.