2022 saw massive geopolitical developments which have led to some significant changes within the cyber insurance market. These include:
- Increased Damages: IBM’s 2022 Cost of a Data Breach Report reported the average cost of a data breach increasing to $9.44 million in the U.S.
- Increased Loss Ratios: Fitch Ratings reports that insurance payouts on claims compared to premiums have increased from 34% of premiums in 2018 to 65% of premiums in 2021.
- Higher Cyber Insurance Premiums: Insurance broker Marsh cyber found insurance prices increased 133 percent in the fourth quarter of 2021.
- Decreased Coverage: Lloyd’s of London announced in August that its insurance policies will no longer cover nation state-backed cyberattacks.
The notion of 'insuring away cyber risk' is now (and arguably always was) somewhat unrealistic. With both premiums and insurers prerequisites/policy exclusions increasing, the actual scope of what is covered is also rapidly narrowing.
What Organizations can do
The insurers are acting rationally. The costs of data breaches continue to risk and insurers cannot take on additional risk without increasing premiums. They are also heightening their due diligence of potential clients’ security practices. An organization with poor security controls presents greater risk than one with a mature security program.
Organizations looking to maintain their coverage while minimizing premiums need to provide evidence that they are taking appropriate steps to protect those assets targeted by attackers; data that can be used for identity theft, financial gain, or competitive advantage.
Some of this is operational security. A misconfigured cloud storage bucket can expose sensitive data to anyone looking for it (this even happens at mature organizations like Microsoft). From an insurer’s point of view, however, the focus will be on what you are doing to mitigate threats and protect your data.
The Verizon Data Breach Incident report found that human error is still the leading cause of data loss. The Covid-forced Work From Anywhere movement has likely exacerbated this as users work outside the protective umbrella of the corporate network and use non-sanctioned applications and devices.
How Next DLP Can Help
Mitigating these threats requires training and controls to address data loss through accidental or malicious actions.
Visibility to all Data Use
Reveal Cloud provides a full picture of where data is flowing inside your organisation, including unsanctioned applications and other “shadow IT”. It discovers and alerts on behaviour that puts sensitive data at risk.
Reveal Cloud educates users on high-risk behavior. When users take actions that could put data at risk, pop-ups reinforce corporate security policies and teach employees to make the right decisions.
On-use data inspection and classification
Reveal Cloud identifies and classifies data instantly, every time a user accesses a file. AI and machine learning on the endpoint allows Reveal Cloud to learn what is considered “normal” per employee and only raises alerts when abnormalities are encountered.
Protection across exfiltration channels
Lightweight endpoint agents see everything, on and off the corporate network. Instant classification and behavior analytics consider content, context, and communications to protect data from accidental or intentional exposure. Reveal supports content inspection and controls to see and block content in email applications, browsers, web applications, removable devices, messaging apps, and printers.
Evidence for Auditors
Insurers and compliance audits require evidence of controls. Reveal Cloud maintains an evidentiary quality audit trail on all activity on and off the corporate network. In fact, Reveal Cloud was integral in Next DLP’s ISO 27001 certification.
The cyber insurance market and models will continue to evolve. Treating security as a “tick box” will not provide acceptable controls in an increasingly stringent market. Smart organizations can mitigate risk, minimize premiums, and maximize cyber insurance coverage by proactively addressing the security of sensitive information.