Cyber security insurance is designed to help to protect or reduce the consequences to businesses from the potentially dire consequences of a cyber attack, such as a ransomware attack. Australia, and indeed the world, is facing an ever-growing ransomware crisis, and more businesses are falling victim to attacks on their IT infrastructure. This has put the cyber insurance industry under extreme pressure as businesses turn to their cyber insurers in the aftermath of the ransomware attacks.
These issues have gained increased attention as a direct result of the COVID-19 pandemic, with many businesses shifting operations to focus on the online space and many staff working remotely. Staff working from home often expose a much greater risk to a business’s data, for instance, due to unsecure WiFi, or inadequate (or non-existent) firewalls. Pre-pandemic cyber insurance may not longer provide the level of cover or protection required by businesses operating on an online model.
Cyber insurance providers operate largely in the same manner as any other insurance providers. In order to remain a viable business, cyber insurance providers must have a pool of capital to address the (generally low) risk of severe cyber catastrophes. However, as a result of the increase in the number of ransomware attacks, as well as the increase in damage of the average attack, many cyber insurance providers are significantly increasing insurance premiums, reducing coverage, and implementing more stringent requirements on companies trying to obtain cyber insurance cover.
Some providers are turning away potential customers who pose too high of a risk. With cyber insurance becoming more of a necessity for businesses, this has the potential to leave businesses high and dry, without a safety net of insurance protection against cyber attacks.
Lavan comment
In the same way that your car insurance premium is lower if you have alarms or take other precautions, in order to obtain cyber insurance at a reasonable premium (or even obtain it at all), you should be prepared to review your own cyber security measures and take additional precautions and protections as necessary.
Remember, insurance policies are not your first line of defence. Rather, they are your last line.
For instance, how secure is your system? How rigorous is your staff training? Do you have compliance strategies? These are steps to avoid a successful attack.
Do you have a cyber incident response plan? Has your organisation considered what steps it would take to respond to a cyber attack, or how long it will take to recover and restore services to customers? How quickly does your business deploy critical updates to its software? Do you keep a backup of your data offline or in a cloud service?
It is important that businesses take necessary steps to mitigate their cyber security risks, promptly address any potential critical updates and implement appropriate security protocols. As a starting point, we suggest that businesses store their backup data on an encrypted server which is updated regularly and kept separate from the business’s production data.
It is important, now more than ever, to ensure your business is protected from ransomware. If you haven’t taken steps to protect your business, you may both leave yourself exposed to attack and find it difficult to obtain the necessary cyber insurance, or be forced to pay a steep premium in order to obtain limited cover.
If you have questions in relation to protecting your business from cyber attacks, please do not hesitate to contact Iain Freeman.