In a case of “I told you so”, it seems that cyber insurance costs have risen this year as organizations fail to properly protect themselves from rampant ransomware attacks.
I hate being right, especially when it comes to organizations trying to establish a safety net in the face of the present and growing problem of ransomware. Back in May, I predicted that cyber insurance claim amounts would skyrocket. And, the only outcome from this is for cyber insurers to increase policy costs to cover losses.
It appears this came true: according to insurance broker Howden Group's report Cyber Insurance: A Hard Reset, cyber insurance rates have increased this year by 30%. It’s not surprising, as we’ve seen increasingly more news stories about high-profile ransomware attacks in the last few months alone.
So, here’s the rough of it all: Insurance companies are in business to remain in business. That means as long as they plan on offering cyber insurance, the only way the costs will stay reasonable is for a high percentage of their policyholders to not place a claim (read: not experience a costly cyber attack). Considering 57% of organizations experience spear phishing weekly or daily, this seems highly unlikely.
I’m OK with that. Why? Because organizations shouldn’t be resting their heads on the pillow at night because they have insurance; they should have a proven, layered security strategy in place that addresses the very attack vectors threat actors use to enter an organization. The riskiest of these is your users: they are notorious for falling for increasingly well-crafted social engineering within phishing and spear phishing attacks. It’s only through continual Security Awareness Training that your organization stands a chance of stopping an attack at its first touchpoint: your user’s Inbox.