He explained that in the early days of cyber insurance, insurers were just trying to address a huge demand, but now they realize they must reduce their exposure to both avoidable and uncontrollable circumstances.
Nevertheless, organizations that eschew cyber insurance do so at their own peril. “Cybersecurity is near mandatory for any business that holds customer data and is at risk of a data breach or ransomware attack,” Dettbarn observed.
“In addition,” he continued, “exclusions combined with recent announcements from states banning ransomware payments make insurance of limited value.”
“Over the past year, it’s become evident that cyber insurers are learning from their data and are now maturing,” Delinea Chief Security Scientist and Advisory CISO Joseph Carson said in a statement.
“We are seeing many small businesses choose to no longer have any coverage due to the number of exclusions, but rather invest in preventative cybersecurity solutions,” he told TechNewsWorld.
“As indicated by this research,” he said, “human error is unavoidable and one of the leading causes of ransomware attacks, and acts of war can be interpreted very broadly if desired by insurers.”
“Our survey results find that most organizations are not approaching cyber insurance with the same diligence — they are simply looking to get covered,” he continued. “What they’re not checking is whether the policy they had last year is what they need now or if their policy changed at renewal.”
Carson noted that one of the most surprising statistics from the report is the increase in organizations that used their cybersecurity insurance more than once, from 41% in 2022 to 47% in 2023.
Exclusions reduce the overall value of a policy because they reduce the true scope of coverage, added Jason Dettbarn, founder and CEO of Addigy, maker of an Apple device management platform in Miami.
“This ‘cyber insurance gap’ could put a lot of organizations in a tough place when a cybersecurity incident occurs, and they want to utilize this financial safety net,” he added.
“Even with the best cybersecurity efforts, businesses still face residual cyber risks due to system misconfigurations, employee errors, or other unintentional security gaps,” she told TechNewsWorld. “It is increasingly common for cyber coverage to be required in contractual agreements.”
“More importantly, though, very few companies meet the core underwriting requirements,” he told TechNewsWorld. “They don’t have the right cyber/IT management tools or processes in place internally.”
Onus on Victims
“Today, cyber insurance is highly recommended,” said Theresa Le, chief claims officer at Cowbell, a provider of AI-powered cyber insurance for SMBs in Pleasanton, Calif.
“Seventy to 90 percent of all successful cyberattacks involve social engineering,” he told TechNewsWorld. “Any exclusion that excludes social engineering is essentially giving you almost no chance of getting reimbursed.”
Nearly four out of five (79%) of the more than 300 organizations in the United States surveyed by Censuswide for privileged access management provider Delinea saw their insurance costs increase, while more than two-thirds (67%) noted their cyber insurance premiums had increased 50% to 100% when they applied for or renewed their policies this year.
Rates for cyber insurance policies continue to rise while a growing number of exclusions are shrinking what’s covered by them, according to a report released Tuesday by a cybersecurity company.