The 2024 Cyber Insurance Market

The first thing to bear in mind is that regulatory agencies never sleep, because they operate under the tenet of ‘Parkinson’s Law’, wherein the task expands to fill the time allotted for its completion. In effect, they are always looking for the next regulation to impose. We can expect changes in Cyber Insurance regulations and qualifications this year.

Regulatory compliance and standards are becoming more important in the cyber insurance industry as we see a rapid escalation in the evolution of cyber threats. In 2024, businesses may be required to comply with specific new regulations and standards to qualify for cyber insurance coverage. These regulations and standards may include requirements for data protection, risk management, and incident response planning.

For many Small and Medium-size Businesses (SMBs), this insurance niche is still a fairly new and unfamiliar concept. Avoid the notion that you don’t need it because you pay for ‘excellent IT support.’ That is the wrong way to think about it. Over the years, the percentage of data breaches caused by employees has fluctuated within a narrow but high range: between 85% and 90%. These are untrained users who fall for phishing scams and click on malicious links or attachments.

Examine the history of Cybersecurity Insurance. When it was introduced in the 1990s, it was initially formulated to provide coverage for large enterprises, covering things like data processing errors and online media. Things have gotten more serious by leaps and bounds today, and it affects every business.

Since its inception, policies for cyber liability coverage have changed. These days, cyber insurance policies usually cover the typical costs of a data breach, including remediating a malware infection or compromised account.

Policies vary, but generally, they will cover the costs involved with things like:

  • Recovering compromised data
  • Repairing computer systems
  • Notifying customers about a data breach
  • Providing personal identity monitoring
  • IT forensics to investigate the breach (separate from your own IT services provider)
  • Legal expenses
  • Ransomware payments

The sheer volume of data breaches and the associated costs continue to rise. According to NASDAQ, 2021 set a record for the most recorded data breaches in a year, and breaches have continued to snowball. In the first quarter of 2022, breaches were up 14% over the prior year. In 2023, breaches went up 17% from the previous year.

Are small businesses vulnerable to cyber attacks?

Small, medium or gigantic - every business is vulnerable, and they are all targets. Small businesses often have more to lose than larger enterprises, as they do not have the same ability to absorb losses. About 60% of small businesses close down within 6 months of a disastrous cyber incident.

Unfortunately, it is not uncommon for businesses with fewer than ten employees to forgo the cost of ongoing IT Support. Often, a friend or relative with a little ‘know-how’ will pitch in when needed. This situation does not typically ensure the best security measures.

The Cyber Insurance industry is evolving along with the threats and the liabilities that follow from them. The changes in this type of insurance are driven by the increase in online danger and the rising costs of a breach. Businesses need to keep up with these trends to ensure they can stay protected.

Some of the cyber liability insurance trends you need to know about:

Demand is Increasing

IBM documented that the global average cost of a data breach in 2022 was $4.35 million. In the U.S., it’s more than double that, at $9.44 million. As the associated costs continue to balloon, so does the demand for cyber insurance.

Organizations of all types and sizes are realizing that cyber insurance is crucial to the continuing viability of their enterprise. It is every bit as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.

Look for more availability of Cybersecurity insurance with the increase in demand. This also means more policy options, which is good for those seeking coverage.

Increase of Premiums

This is a causal chain: with the increase in cyber-attacks comes an increase in insurance payouts, and insurance companies are increasing premiums to keep up.

These increases have been driven by the costs from lawsuits, ransomware payouts, and other remediations. Insurance carriers aren’t willing to lose money on any type of policy, let alone cyber policies, so it stands to reason that those policies will get more expensive – especially since they are more necessary now than ever.

Certain Coverages are Being Dropped

Some types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for ‘nation-state’ attacks - those that come from a government.

Many governments have ties to known private hacking groups – Russia is the most prolific, whereas China and the US maintain state agencies for this job. A ransomware attack that hits consumers and businesses can very well land in this category.

In 2021, 21% of nation-state attacks targeted consumers and 79% targeted enterprises, and those statistics have remained in the same range ever since. So, if you see that an insurance policy excludes these types of attacks, be very wary.

Alarmingly, another type of attack payout that is being dropped from some policies is Ransomware. This is a foreboding trend that any decent IT services provider should be aware of, because Ransomware has been on a dramatic rise since early 2020, corresponding with the onset of the COVID pandemic and the massive rise in the remote workforce.

Paying cyber-ransoms for clients is not cost-effective for insurance carriers. As a result, many are excluding these payouts from policies, putting a heavier burden on organizations. They need to ensure their backup and recovery strategy is well planned – which they should ALREADY be doing.

It’s Becoming More Difficult to Qualify

Just because you want cyber insurance does not mean you are going to qualify for it. Qualifications are becoming stiffer because insurance carriers are getting more risk-averse to cyber issues, especially with companies that have exhibited a poor history of cyber hygiene. Think of trying to get automobile insurance when you’ve received ten traffic citations and caused five collisions in the last two years. Good luck with that.

Some of the factors that insurance carriers look at include:

  • Network security
  • Use of things like multi-factor authentication
  • BYOD and device security policies
  • Advanced threat protection
  • Automated security processes
  • Backup and recovery strategy
  • Administrative access to systems
  • Anti-phishing tactics
  • Employee security training

It is becoming more common to be required to fill out a long questionnaire when applying for cyber insurance. The prospective insurer will specifically want to know what network security measures are in place. It is highly recommended to have your IT services provider help you with this.

In reviewing the questionnaire, your IT support can identify security deficiencies and suggest enhancements (if they are worth their salt, robust defenses should already be in place). Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.

Before you apply for cyber insurance, it pays to do this type of security review as it can save you time and money. It can also fortify your defenses against cyber-attacks.

Frequently Asked Questions

What is the average cost of cyber insurance?

Naturally, the cost varies according to the amount and type of coverage and the state where you operate. Small businesses pay an average of $145 per month or $1,740 per year. That is not so much when you look at the fines and penalties you could be facing after a breach. With a serious breach, the fines, penalties, and ensuing litigation can put even a healthy company out of business.

What are the types of cyber insurance?

Just like any insurance coverage, specifics apply. Choose what you need and be sure it’s included. Wikipedia offers a simple breakdown of the different types. The types include:

  • Network Security
  • Theft and fraud
  • Forensic investigation
  • Business interruption
  • Extortion
  • Reputation insurance
  • Computer data loss and restoration
  • Data restoration

What does cyber insurance actually cover?

Policies vary depending on the coverages you seek, but the key element of cyber insurance is that it covers the customer’s costs resulting from security failures - from the actual system recovery to legal fees, fines and consumer liability. When choosing a supplemental policy, be very certain it covers you the way you expect.

How do I get cyber insurance?

Any business insurance company or broker will be more than happy to help you out. Asking your current insurance agent is a good place to start. Your agent should know your business, and an honest broker won’t load you up with coverages that you really don’t need. Many small and non-complex businesses may only need additional data breach coverage, which can typically be added to your General Liability insurance or Business Owner’s policy.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our IT services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
