Is the rise of cyber insurance premiums actually a good thing?
In the last few months, the cybersecurity industry has acknowledged the five-year anniversary of not one, but two worldwide ransomware events that changed the security industry as we know it: WannaCry and NotPetya. As well as signalling the start of the ‘ransomware crisis’, they also marked what may be the beginning of the end for affordable and accessible cyber insurance. In fact, WannaCry was reported to be the single largest driver of cyber enquiries for the first half of 2017, while NotPetya is to blame for the tightening of policies. With the risk being transferred to them growing with each attack, cyber insurers were no longer prepared to be caught out by large pay-outs on cheap policies. But today, premiums are so high that many businesses are finding it almost impossible to get insured.
Another NotPetya-style event
While there are several factors contributing to the rise of premiums in cyber insurance, one that has undoubtedly caused ripple effects across industries is Russia’s invasion of Ukraine in early 2022. However, tensions between the two countries have been present since 2014, and a long string of cyberattacks has since been launched by Russia in an attempt to cripple Ukraine’s infrastructure. The most devastating of these is NotPetya. It is thought to have been originally intended to target HR systems commonly used in the country, before escaping and infecting organisations across the world.
Today, we need to worry about what could be another NotPetya-style event and what a global “spillover” could mean if this happened – as warned by the former Chief of the UK’s NCSC (National Cyber Security Centre). It is certainly something that insurers are concerned about and safeguarding against. They know that it is not only large enterprises and government bodies that would be under attack, but any smaller organisation within the supply chain for these bigger brands too. As we’ve seen from recent attacks, third parties can pose a huge risk to businesses and therefore supply chain security must be a top priority.
How to turn rising costs into a business positive
In the past, cheaper premiums for cyber insurance may simply have led to complacency when it comes to cybersecurity. Yet cyber insurance is no “get out of jail free” card, and while it is a key part of business continuity, it should not form the entirety of a cybersecurity strategy. Instead, more proactive threat monitoring and mitigation solutions should be implemented. And now that businesses will have to improve their cyber hygiene to even be considered by insurers, it may force teams to take security more seriously. This can only be seen as a positive for the industry in the long run.
For enterprises to achieve those lower premiums, the first step is creating a security-first, company-wide culture. It may seem easier said than done, but ultimately it is about ensuring the entire team understands their role in protecting company networks. Regular training through phishing simulations is a crucial part of this education and awareness.
Working with a security partner that supports training and provides proactive, continuous threat monitoring gives an organisation the best chance of improving cyber hygiene and reducing the cost of cyber insurance. With an outsourced Security Operations Centre (SOC), businesses get peace of mind in knowing that their network, assets and people are protected 24/7/365, and they can demonstrate to insurers that they are doing everything possible to embrace better security.
Find out how DigitalXRAID’s SOC service can help you mitigate rising cyber insurance prices.