Cyber Insurance – Why your company should consider it
Hiring insurance is nothing more than a risk management strategy. In this case, the organization transfers the responsibility in the event of an unexpected event to a third party (in this case, the insurance company). And with the increase in security incidents and data breaches, insurance companies have developed a new product to help organizations reduce the risk of cyberattacks: cyber insurance.
In this case, by hiring cyber-attack insurance, the organization transfers the obligations related to the costs they would have to pay in the event of a security incident to the insurance company. Typically, these costs are associated with recovering stolen data, paying ransomware ransoms, property damage, and even image recovery. But what factors influence the growing demand of companies for cyber insurance?
The first of these is the increase in connected devices. With the development of technologies such as 5G, the Internet of Things, and Industry 4.0, the number of devices connected to the infrastructure has skyrocketed. According to Zurich Insurance, the number of connected devices in 2020 has surpassed 50 billion, an increase of 19% compared to 2019. And this number is expected to grow even more in the next few years.
Moreover, the amount of data generated by these devices has increased exponentially. According to Ace Group, the volume of online data doubles every two years. And in times when data is the new oil, protecting an organization’s data (in addition to the personal data of employees, partners, and suppliers) is not about just complying with security policies and personal data protection laws such as LGPD, GDPR, CCPA, and the Texas Privacy Act, it is about ensuring business continuity.
Are you enjoying this post? Join our Newsletter!
Newsletter Blog EN
Another factor that influences the increase of cyber risks and contributes to an increase in the demand for cyber insurance is the migration to remote work, driven by the Covid-19 pandemic. Bring Your Own Device, shadow IT, and the use of insecure networks considerably increase the attack surface that can be exploited by malicious actors.
With this larger attack surface, the number of security incidents has also increased. A Checkpoint study has shown that the year 2021 broke records in terms of the number of cyberattacks. According to the study, there was a 50% increase in cyberattacks globally per week compared to 2020.
The costs of these cyber-attacks were also higher for organizations: according to the IBM Data Breach Investigation Report 2021, the cost of a data breach for organizations was $ 4.24 million, a 10% increase compared to 2019. In addition, the costs associated with cybercrime are estimated to have reached $ 6 trillion in 2021.
It is worth remembering that the question is not if, but when an organization will fall victim to a cyber attack. However, by implementing robust cybersecurity policies along with proper training of your employees and deploying cybersecurity solutions, it is possible to detect and mitigate the effects caused by these cyberattacks.
According to the Data Breach Investigation Report 2022, approximately 40% of data breaches were carried out using stolen credentials. Thus, the use of a Privileged Access Management (PAM) solution allows increasing the security level of privileged credentials in the environment, resulting in lower cyber risks and adequate business protection, in addition to compliance with security policies and data protection laws. By the way, many insurers even condition the issuance of cyber insurance policies on the implementation of cybersecurity tools such as PAM.
By hiring cyber insurance, organizations can ensure the costs of a cyberattack are covered by the insurance company, including operational losses and incident recovery costs. Moreover, insurance companies also offer full legal and security incident investigation support. In this way, the company can ensure that it is prepared if it falls victim to cyber attackers and that all efforts are made to recover its infrastructure affected by the security incident.