What’s next for Cyber Insurance?
The cybersecurity sector continues to grow in India, with Forbes India reporting the nation is expected to spend up to
3 billion on cybersecurity in 2022. And it’s easy to see why. According to the 2021 Sophos State of Ransomware Report, two-thirds (68%) of Indian organisations have been attacked by ransomware in 2021, with 66 per cent of organisations paying an average of USD76,619.
It’s clear to see cybersecurity is a focus among Indian businesses, and for good reason. Organisations are right to look at investing
3 billion (as a collective) in their cybersecurity infrastructure, however it’s important investments are made as part of a wider dynamic security strategy that is regularly reviewed and updated. A part of this strategy, should include cyber insurance.
Organisations must not fall into the trap of prioritising cyber insurance ahead of all security measures; in fact, insurers may not provide insurance if an organisation does not have adequate security measures in place. In addition, by investing and prioritising security, it can become easier to get coverage, lower premiums, and remove barriers to pay outs if you need to make a claim.
Let’s take a look at some of the key trends to be aware of in the cyber insurance market.
The market will harden further
Due to increased risks and loss ratios, it is becoming more difficult to obtain cover cheaply. As such, this is compelling organisations to better manage their cyber risks in order to lower premiums among insurance providers.
This is an interesting comparison to how the market was not so long ago. Previously, businesses were able to select a competing provider with lower security requirements in order to get the protection they needed that’s no longer the case, with insurers having greater influence over cyber practices.
More insurers are offering pre-breach security support
Providing cyber insurance carries a level of risk for the insurance provider, something each provider needs to carefully manage. As such, a growing number of insurers are offering preventative cybersecurity support to reduce the chances of a breach.
By providing this support, insurers are adding value to their customers, while reducing their own risk. This is of particular use and value for smaller organisations that don’t have the same resources that larger entities do.
Data collaboration could reveal dynamic risk details
Data is key for insurers to quantify risks, and they’re building partnerships to get it, which means they’re getting a more accurate and dynamic view of the immediate threat landscape.
This deeper level of understanding, has the potential to lead insurers to developing checklists , helping businesses tackle immediate threats. While useful, organisations must be careful not to focus solely on this guidance provided by insurers, ensuring their infrastructure has 360 protection; third-party security specialists should be sought if support is needed.
For example, Sophos Managed Threat Response (MTR) provides unprecendeted protection and support to your existing security team. Most managed detection and response (MDR) services simply notify you of attacks or suspicious events, leaving it up to security and IT teams to manage it from there. The issue with this is, what happens if the alert is not seen until the following morning? Cybercriminals aren’t going to wait until Monday morning before attacking, they’re well aware people take weekends and will often choose these quieter periods to attack.
With Sophos MTR, your organisation is backed by an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralise even the most sophisticated threats. By utilising services like Sophos MTR, you not only protect your organisation from attacks, but also show insurers you’re doing so, therefore laying the platform to negotiate lower premiums.
As well as directly improving security, having a policyas a safety netcan be beneficial in the event of a large-scale security breach. Insurance can provide organisations with a quick transition for recovery from major attacks. However, insurance should only be implemented as part of a wider strategy that prioritises detection and protection, ahead of response and mitigation.