Research firm Ovum for Silicon Valley analytics firm FICO, conducted a May 2017, survey about cyber insurance.
And here is the head-scratcher: “The survey further concluded that “a full 50 percent of U.S. firms do not have cyber risk insurance but 27 percent of U.S. executives say their firms have no plans to take out cyber insurance, even though 61 percent of them expect cyber breaches to increase in the next year.”
The “Insurance Journal” commented that even among those that have insurance, only 16 percent said they have cyber security insurance that covers all risks. The U.S. lags behind the UK and Canada, where about 40 percent have no cyber coverage. Mistrust about insurance pricing is one reason some firms aren’t buying.
Remarkably the survey noted, “None of the healthcare firms represented in the survey have insurance that covers all risk, while 74 percent have none at all’’.
Why 27% of U.S. Firms Have No Plans to Buy Cyber Insurance
So what seems to be holding up the decision to purchase cyber insurance? Confusion about coverage, clarity, premiums, gaps in coverage, and transparency. Companies want to know more about premium guidelines and how they are assigned a risk potential.
“With so many firms concerned about a rise in the likelihood of cyber breaches in the next year, it’s troubling to see that half of them don’t have any cybersecurity insurance protection,” said Bob Shiflet, who oversees fraud and financial crime solutions at FICO. “There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable.”
Last year, the number of small businesses hit by ransomware attacks has almost doubled.
Is the industry about to change its mind? In the last year the number of small businesses hit by ransomware attacks has almost doubled. For many firms small and large, one size of insurance doesn’t fit all. Smaller firms usually are disproportionately hurt by attacks and less likely to be able to recover from the losses as we’ve previously reported.
The potential cost of attacks varies greatly while most cyber policies typically provide between $USD 100,000-250,000 of coverage. As cyber attacks are getting more sophisticated, we are seeing the early-mover insurance companies starting to provide specialized coverage.
Recently, insurance firm Beazley launched a new insurance policy aimed at CEO social engineering fraud. The Insurance Journal announced that Beazley’s new excess policy for the U.S. market significantly expands the protection available to firms that fall victim to impersonation scams by fraudsters convincing employees to wire funds to external accounts. Of course, we know that as CEO Fraud Prevention!
According to Beazley, this and similar “social engineering” attacks have proliferated in recent years, costing some companies millions of dollars. Insurance coverage to address the risk has largely failed to keep pace with the larger attacks, typically providing between $100,000 and $250,000 of protection.
It's laudable that insurance companies are trying harder to adjust to market needs but we like to think of cyber insurance as catastrophic insurance much like flood insurance. You never hope to collect on it until you’ve been hit by a catastrophic event. And once you’ve been hit by a catastrophic event, it could take years to recover if you recover at all. Some small businesses are never able to recover from lack of resources, down time, and loss of customer trust. Good will and trust with customers are intangibles hard to quantify and hard to recover.
Stats from Kaspersky Security Bulletin 2016
- 62 new ransomware families made their appearance.
- 11-fold increase in the number of ransomware
- New Strains: from 2,900 new modifications in January/March,to 32,091 in July/September.
- Attacks on business increased three-fold between January and the end of September: the difference between an attack every 2 minutes and one every 40 seconds.
- Individual infection rates went from from 20 seconds to every 10 seconds.
- One in five small and medium-sized business who paid the ransom never got their data back.
Will the stats from last year drive companies to rethink their policies regarding insurance? We don’t know but we recommend ……
http://www.insurancejournal.com/news/national/2017/08/30/462733.htm
http://www.insurancejournal.com/news/national/2017/05/31/452647.htm
Don't be a victim! Get your Ransomware Hostage Rescue Manual.
Get the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:
- What is Ransomware?
- Am I Infected?
- I’m Infected, Now What?
- Protecting Yourself in the Future
- Resources
Don’t be taken hostage by ransomware. Download your rescue manual now!
Or cut & paste this link in your browser: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0