Does cyber insurance cost too much?
We often hear that cost can make cyber insurance a non-starter for businesses. We get it; broad coverage comes at a price given the value of services provided with a policy these days.
So, here at CFC we have listed the 5 key reasons a cyber insurance policy, is worth the financial investment.
Cyber is a business' largest exposure
We’re in a digital age and businesses no longer rely on paper trails and filing cabinets. This digital reliance has shifted a business’ assets from tangible to intangible, making them wildly accessible and opening even the smallest of businesses to a whole new era of risk.
Subsequently, most companies today state that cyber risk is in their top three, if not their number one business risk given their reliance on technology. Since the frequency of loss is that much greater for a cyber event than traditional perils, such as a fire – it makes sense that the cost of cyber insurance today will mirror a business’ largest exposure.
We’ve created a cyber risk heat map, which explains the varying levels by industry. Hint, nearly no business is safe!
Premiums are a fraction of the cost compared to a cyber claim.
The price of cyber insurance may seem higher than expected given many still consider it a discretionary purchase, but when you compare the thousands, hundreds of thousands, or even millions in costs that cyberattacks can incur for business, it’s an easy decision to make.
And the severity of those claims continues to rise. According to the latest Coveware report, it’s been noted that fewer victims are paying ransomware demands, so threat actors are demanding more money to compensate for the lower hit rate, making individual claims more expensive.
This lower hit rate on ransomware has also meant hackers are pivoting back to previous attack techniques, with the likes of business email compromise attacks showing an increase of 147% across the second half of 2022 (for SME businesses).
A good cyber policy should offer proactive protection from attacks.
At CFC, from the minute the policy is bound, our cyber security team works around the clock to protect businesses against cyber-attacks.
This is a proactive, protective service that identifies potential threats using insights from a variety of sources, including public and private threat intelligence feeds that go well beyond the usual outside-in scanning tools available to insurers. If a cyber security issue is found, our team will reach out through our Response app to work with a potentially compromised business, to eliminate the threat before it can cause harm.
To pay for this level of monitoring externally, a business would need multiple providers, all individually costing upwards of thousands every year. Whereas, all of this work is done for free, as part of the standalone CFC cyber policy…
…as well as expert incident response and recovery.
One of the other critical elements of a cyber policy is the availability of in-house cyber incident response. At CFC, our team of cyber threat analysts, digital forensic specialists and incident responders, CFC Response, is available 24/7 to triage incidents, contain threats, and repair networks if a cyber incident occurs.
Cyber policies cover a lot.
A good, stand-alone cyber policy, such as a CFC cyber policy, includes comprehensive coverage.
Many small businesses do not have access to enterprise-grade security teams, threat intelligence feeds that can inform them of whether they are listed on a threat actor’s target list, or access to a multi-disciplinary team of experts who know how to respond to cyber-attacks and compliment existing IT personnel.
Equally, should the worst happen, cyber insurance policies cover cyber incident response costs, including IT forensics, legal, breach notification and crisis communications to cybercrime costs that include social engineering, theft of personal funds and cyber extortion.
All told, this can cost anywhere from thousands to hundreds of thousands, and there is no limit to the range of support required during a cyber incident. CFC’s security team estimates that the average downtime following a ransomware attack can be up to 2-3 weeks, and that’s only with the expert assistance of a cyber incident response team provided by an insurer. With a broad policy, the insured can focus on getting their business back up and running, rather than worrying about what will and won’t be covered by their insurer.
It is estimated that that cyber-attacks will cost the globe $8 trillion dollars in 2023. Yet, we estimate, only less than 20% of businesses have taken out a cyber insurance policy as of today. Cyber insurers are not just there to step in after an attack has taken place, ready to pay the many external teams a business needed to pull in to recover. Instead, coverage from a cyber insurer like CFC protects and prevents attacks on businesses from the minute they bind a policy.
Cyber insurance is not expensive, cyberattacks are. And with the right cyber insurance product, it should be the easiest purchase a business has ever made to cover its largest exposure.
Do your clients still need convincing about cyber insurance? Check out our client objections tips here.