Secure Your Future: Cyber Insurance Planning

What are the latest trends and developments in the cyber insurance industry?

Cyber insurance is adapting to evolving cyber threats by offering more tailored coverage options, including ransomware protection and social engineering fraud coverage. Insurers are also focusing on proactive cyber risk management services to help businesses prevent cyber incidents.

The Cyber Threat Intelligence Integration Center of the United States of America reported on the increase in ransomware attacks in 2023, which rose significantly to 74 percent compared to the recorded data in 2022. LockBit and ALPHV/BlackCat, the two leading ransomware-as-a-service (RaaS) providers, together accounted for more than 30% of all reported attacks on various types of entities, including healthcare organizations, worldwide. In the United States alone, the top five RaaS variants included Black Basta, Play, ALPHV/BlackCat, CL0P, and LockBit, all of which have the potential to access and publish sensitive information if successful in their attacks.

Indeed, the world of cybercrime is a lucrative business. As noted in an online article by the World Economic Forum, the financial burden of cybercrime, which includes damage, recovery, and remediation, has skyrocketed from $3 trillion in 2015 to a staggering $6 trillion in 2021, with forecasts predicting a potential increase to $10.5 trillion annually by 2025. This is why cyber risk insurance, also known as cyber liability insurance or a cyber policy, is important for businesses: it transfers the costs involved in recovering from a cyber-related security breach or cyber event. With cyber insurance coverage, businesses can protect themselves from risks such as data breaches, data recovery, personal information theft, and system damage repair caused by attackers, as well as safeguard sensitive customer information, including health records. This makes it an important tool against cyber threats and the disclosure of sensitive customer information, while also covering legal expenses in case of a lawsuit. Additionally, the latest trends and developments in the cyber insurance industry include increased coverage for ransomware attacks, social engineering fraud, and business interruption due to cyber events.

Cisco’s Cybersecurity Readiness Index 2024 mentions that the financial repercussions of these cyberattacks on companies are significant, with more than half of affected companies reporting losses of at least 300,000 US dollars last year. Remarkably, 12% of companies suffered even greater losses, over 1 million US dollars. Larger companies with an annual turnover of more than 100 million US dollars were more frequently affected by losses of 1 million US dollars or more, highlighting the importance of cyber insurance for businesses of all sizes. Conversely, smaller companies with an annual turnover of less than 2 million US dollars usually reported losses of less than 200,000 US dollars. This data comes from Cisco’s analysis based on a comprehensive survey of over 8,000 business and cybersecurity executives from 30 different global markets representing a wide range of private sector industries, including financial services, retail, technology services, and manufacturing.

The repercussions of cybercrime extend far beyond monetary losses, inflicting significant damage on individuals, businesses, and society.

Despite the rapid adoption of digital tools, a study by the World Economic Forum, which drew on 270 global stakeholders in the Internet of Things (IoT) and connected devices landscape and included in-depth interviews with over 25 experts representing the public, private, and civil society sectors across 39 countries, spanning six continents and 19 industries, shows that only 4% of companies have confidence in the cyber security of their connected devices and associated technologies. Digital/information technology (IT) and electronics experts expressed significant concerns about cybersecurity measures: 74% of respondents said they were not confident in their protection against cyber-attacks. This figure is made up of 47% who are “not very confident” and 27% who are “not at all confident,” indicating significant vulnerability in these industries. This lack of confidence puts organizations at risk of cyberattacks, which can lead to serious business disruption, financial loss, legal liability, and irreparable reputational damage.

There is a stark contrast between the cyber security preparedness of large corporations and small businesses. While large companies have used their resources to develop sophisticated defenses against cyberattacks, small businesses often lack the means to do the same. Because of this discrepancy, small businesses are disproportionately affected by cyber threats and have limited solutions to close the gap. This is where cybersecurity insurance policies, specifically designed for financial institutions and professional services firms, can be crucial, providing financial protection and resources in the event of a cyber incident or theft due to negligence and poor security processes. With the latest trends and developments in the cyber insurance industry, including broad cyber coverage customized to fit the needs of businesses of all sizes, cyber insurance policies are becoming a valuable tool in mitigating the risks of cyber threats for the policyholder. As the cyber insurance industry continues to evolve, it is important for businesses to stay updated on the latest trends and developments in order to secure their future and protect themselves from potential cyber threats.

According to Accenture’s 2023 Cost of Cybercrime Study cybersecurity solutions

Cybersecurity and Cyber liability insurance are non-negotiable for small businesses

It is a common misconception that only large companies are targeted by hackers. In reality, small businesses are easy targets due to their perceived lack of security. Cybercriminals see them as easy prey and often exploit vulnerabilities to steal sensitive data, disrupt operations, or extort money. The consequences of a data breach can be devastating for a small business, especially if sensitive information is stored on laptops. The cost of recovering data, legal fees, and lost productivity can easily spiral out of control, not to mention the long-term damage to your reputation and the trust of your customers.

Andrew Darlington, President of Veritas Risk Management, has been in the insurance and risk management industry since 1997 and understands the unique challenges faced by small businesses in the cybersecurity landscape.

“Veritas’ goal is to empower small businesses with the knowledge and tools they need to effectively manage cyber risk and safeguard their operations. The company strives to provide comprehensive solutions that combine cybersecurity expertise with insurance protection, ensuring that small businesses are well-equipped to face the ever-evolving threat landscape.”

The evolving cybersecurity threats and vulnerabilities facing businesses in 2024

Cyber attacks are growing in number and sophistication, targeting organizations of all sizes.

The Cisco Cybersecurity Readiness Index 2024 finds that malware and phishing continue to be the predominant forms of cyberattacks, affecting 76% and 54% of organizations, respectively. However, the threat landscape is becoming more diverse, with credential stuffing, supply chain attacks, social engineering, and crypto-jacking affecting a significant percentage of organizations. The increase in hybrid working environments further complicates the cyber security landscape and presents companies with additional challenges when it comes to protecting their systems and data.

The IBM X-Force Threat Intelligence Index 2024 likewise describes an evolving landscape: cybercriminals are using popular methods such as email campaigns, but with a different approach, such as using OneNote files with embedded scripts to deliver malicious code, malicious links hidden in PDF documents to infect computer systems, and MSI and NSIS execution files disguised as document files to trick users into executing them. These evolving threats have the potential to compromise sensitive information, such as customer and employee records, putting businesses at risk for data breaches and financial losses.

In addition to traditional methods, email campaigns are increasingly using Microsoft Office documents to spread malware via exploits, rather than relying solely on malicious macros. In 2023, there was a significant increase in documents weaponized with CVE-2017-11882, a vulnerability in the Microsoft Office equation editor that allows arbitrary code execution.

In addition, threat actors have been observed using remote template injection techniques. This method is used to bypass email gateway security by sending seemingly harmless phishing emails that later retrieve malicious Office templates, further increasing the risk for recipients.

Cloud services were also abused. Telegram and Discord have become popular platforms exploited by threat actors due to their versatile features that can be manipulated for malicious purposes. These platforms have been observed in use for command-and-control (C2) communication, their content delivery network (CDN) has been used for hosting and spreading malware, and even their webhook functions have been abused to exfiltrate data from compromised systems. The widespread use and supposed anonymity of these platforms make them attractive tools for cybercriminals to carry out their illegal activities.

Generative AI as The Double-Edged Sword of Cybersecurity

The rapid development of generative AI offers immense potential for companies in various sectors, including cybersecurity solutions. However, the same technology is also being exploited by malicious actors to launch increasingly sophisticated attacks.

IBM X-Force has identified the marketing value of AI in recent malicious campaigns. Two tools available on the web are FraudGPT and WormGPT, unconstrained or semi-constrained large language models (LLMs) designed specifically for malicious purposes and readily available on various online forums and Telegram channels. Among other things, these tools can create convincing phishing emails and perform other malicious activities.

Although IBM X-Force hasn’t yet seen any confirmed AI-driven cyberattacks, it’s clear that cybercriminals are actively exploring the potential of AI for their malicious activities. This is evidenced by the 800,000+ mentions of AI and GPT in illicit markets and dark web forums in 2023. While isolated AI-powered attacks may occur in the near future, X-Force predicts that the widespread use of AI will only become more prevalent as AI becomes more mainstream in organizations.

Despite the growing recognition of AI’s potential for cybersecurity, Cisco found that a clear majority (52%) of organizations haven’t yet fully integrated AI into their network security strategies. The most notable examples of AI use in this area focus primarily on assessing security posture, monitoring passwordless authentication, and setting real-time, risk-based access policies with expert support and detailed analytics.

Recommendations to mitigate potential damage of a data security breach incident

As the threat landscape escalates and cyberattacks become more sophisticated, organizations of all sizes must prioritize data security and identity management. Implementing robust solutions to mitigate the potential damage of a data security incident is critical. This includes measures such as:

  • Implementing multi-factor authentication and least privilege access to limit unauthorized access to sensitive data.
  • Creating and maintaining offline backups of important data to ensure recovery in the event of a ransomware attack or other data loss.
  • Educating employees on cybersecurity best practices, including recognizing phishing emails and avoiding suspicious links, to prevent breaches.
  • Developing and implementing contingency plans to help companies quickly identify and contain security incidents and minimize damage and downtime.
  • Investing in cyber security insurance can provide financial protection and support in the event of a cyber attack, covering costs such as data recovery and legal fees.

With a proactive and comprehensive approach to data security and identity management, companies can significantly reduce their vulnerability to cyber threats and minimize the potential consequences of security incidents.


Author’s Bio

Andrew Darlington, an insurance professional since 1997, established Veritas Insurance in 2009. He is the holder of CBIA, CIC, CRM, and AAI certifications, demonstrating a strong focus on cultivating robust client relationships and ongoing education. On his website, you can find comprehensive industry insights, case studies, and expert recommendations, showcasing his dedication to customized solutions and unwavering integrity.
