
Ransomware Damage Claims Driving Insurance Hikes

Deb Radcliff January 12, 2022

The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in cyber insurance costs.

Not surprisingly, the rise in cyber insurance costs is mostly attributable to a tidal wave of ransomware damage claims hitting insurers over the past two years.

Larger organizations are absorbing most of this price increase, but they are also driving up the costs for coverage to smaller businesses by demanding higher payouts against their losses, according to Jim Goldman, CEO and cofounder of Trava Security, which specializes in cyber risk management and insurance assessment automation.

“Up until two years ago, cyber insurance was incredibly cheap. Since then, the costs have doubled, tripled, then quadrupled while the actual level of coverage goes down,” says Goldman during our recent video interview.

FYI, Goldman’s a cybersecurity pioneer: In 1991, he was the first computer networking and security professor at Purdue University. Later, he led an FBI cybercrime task force, and was the business information security officer at Salesforce before co-founding Trava.

Policy Pricing for SMBs

As Goldman explains it, pricing cyber insurance policies is incredibly complex and hinges on many factors, starting with what business the company is in. For example, a 50-person company with low liability may pay $2,000 to $3,000 a year for its policy. But now, with software supply chain risks so prominent, a company of the same size in software development (a Trava client) is paying $30,000 a year for its policy.

“We deal with a lot of software companies, and they need insurance against third-party liability, particularly from their open-source components because there’s been a high proliferation of lawsuits against software companies since the SolarWinds breach,” he explains.

This also gets down to what clients of cyber insurance should be looking at in their policies. Or, as Goldman says, SMBs need to hyper-focus on “what’s not in their policies.” For example, third-party liability coverage is a must for many SMBs in the software or services business, but it is not usually offered in standard policies.

“SMBs offering software and services are more likely to have their customers seek indemnification for business disruption when the software and services they rely on are unavailable due to a ransomware attack,” he notes. “In the case of ransomware, the policy should also carry coverage for loss of business and additional liability or costs if their data is hijacked and made available on the dark web.”

Raising the Bar

Qualifying for cyber insurance has also become more difficult for SMBs, who now need to meet difficult demands just to be considered for insurance by underwriters.

“Prequalifying questions used to boil down to five key indicators: Do you have multi factor? Do you have EDR on all endpoints? Is your data encrypted? And other basics,” Goldman explains. “Now, once you prove those five things, then you must fill out the 200-question application. And, if you still qualify, the broker will scan your systems to validate controls.”

He advises SMBs to find a trustworthy insurance broker who will help them learn what they don’t know but need to know about their cyber insurance policies, to read their policy options carefully, and to look for what is not there. Also be prepared to participate in data-driven risk policies (heavy on assessment) that could ultimately streamline costs for overall insurance rates.

Most importantly, he adds, keep your network in compliance with your policy rules to facilitate faster renewal and cheaper rates.
