Cyber Risk Insurance Costs: your small business cyber insurance costs will be going up and there will be more exclusions. Here’s what you need to know.
Cyber risk insurance costs
According to an article in the Insurance Journal, small businesses will see increases of 10-15% and 20% to 30% hikes for larger businesses even with reasonable controls and no claims. Further, carriers are reducing limits, for example a $5 million limit can be reduced to $2 million.
Why the price hikes? It’s not just the rise in cyber crime and ransomware. Recently pharmaceutical giant Merck won a lawsuit against its insurer which declined to cover losses caused the NotPetya ransomware attack in 2017. Merck had a $1.75 billion “all-risk” insurance policy which included coverage for software related data loss. Their insurer refused to cover Merck’s $1.4 billion cost for their incident claiming NotPetya was an act of war by Russia against the Ukraine.
As a result of this and other lawsuits, insurance companies are jacking up the cost of cyber insurance.
Let’s go back a bit to the reasonable controls mentioned before. A lot of insurance companies now won’t cyber insure your business unless you meet the following requirements:
- Multi-factor authentication (MFA)
- EndPoint protection (antivirus software and firewalls)
- Cloud based backup
- Dual Authentication for funds transfers
- email security controls (like SPF and DMARC)
Older operating systems (such as Windows 7) and older software no longer receiving security updates could be a reason for insurance refusal and/or no payment when a hack occurs.
You will need a tech professional to help you with the reasonable controls. This is not something you can learn from Google University.
What do you need to know for your business?
Does your business meet or exceed the reasonable controls listed above? Have you carefully gone over your cyber insurance with your insurance agent about exclusions, limits and exactly what is covered? Is ransomware covered? Your web site?
Prepare yourself for hikes in cyber insurance costs this year.