Cyber insurance can still seem confusing to many organizations, despite the increase in digital risk over the last two years and a seemingly never-ending stream of cyber incidents. To demystify the concerns organizations may have about cyber insurance, I recently held a Reddit AMA (internet parlance for "Ask Me Anything"), an interactive question-and-answer session on data privacy, the ransomware epidemic, and cyber insurance.
As a longtime Redditor, I kept seeing misconceptions and myths about cyber insurance during my daily perusal of the site. I thought it would be a good idea to try to dispel some of them and have an open conversation on /r/iAMA about cyber insurance, data privacy, and ransomware. It also crossed an item off my bucket list, so win-win!
Here are some key takeaways from the AMA:
1. General business insurance is not enough to cover a cybersecurity event
What would you do tomorrow if your entire network was down and you could not access any files on your servers? Does your current insurance policy cover the incident response, including the third-party vendors you would need: legal counsel, forensics, ransom negotiators, and restoration specialists?
General business policies might include some limited protection, anywhere from as little as $5,000 to as much as $100,000. When an organization experiences a ransomware event or a large-scale data breach, that is not enough.
Does your policy pay for ransomware? Many policies are now excluding it from coverage. For example, many commercial general liability (CGL) policies exclude loss of data and digital assets. If your business experienced a ransomware event and could not recover its data, could you still function? Could you come up with $100k within three days to get your data back? What about $500k, or $1.5M? The answer is often no. I've had claims with very large companies that could not produce payments in such a short time frame. This is also why your insurance policy must have "pay on behalf" coverage, under which the insurer pays the vendors or the ransom directly rather than reimbursing you after the fact.
2. Yes, your cyber insurance policy will pay your claim
I pay cyber claims every day. If you look at the market trends since Covid hit, when everyone started working remotely and ransomware became a genuine epidemic, you'll find that premiums are increasing and coverage is decreasing. This is what we call a hard insurance market. The reason? Insurers are paying claims.
Whether an insurance company pays out is an objective analysis. An insurance policy is a contract, one with provisions that must be honored by both the insurance company and the insured. Policies can contain language that requires legal interpretation, but paying is generally not a discretionary decision on the insurer's part: it pays when it has a legal obligation to pay.
3. The market is hardening, but not Coalition.
We are unfortunately in a hard market (a seller's market), where many cyber insurance carriers are trying to stay in this line of business while also reducing the loss ratios they have seen over the past couple of years. So you're going to see underwriting guidelines become stricter, and some carriers leave the market entirely or exit certain segments.
I'm not an underwriter, so I can't get too nuanced, but there are definitely still carriers providing robust, full-service cyber policies for good risks. And frankly, having a business case to harden your network is not a bad thing, in my opinion.
(This is one area where Coalition is different than the marketplace in that we leverage our proprietary scans and tools to help underwrite our risks. Just by being a Coalition insured you're less likely to suffer a claim.)
4. Insurance carriers are requiring controls
Many carriers now require MFA because it is one of the easiest and most effective ways to keep your systems and email from being compromised. Unfortunately, we still see a lot of lateral movement within networks: malware scrapes the credentials of high-privilege accounts and then uses them to completely "pwn" the network. I can't tell you how many times I've been on a ransomware call where we see unauthorized logins to sysadmin accounts that were protected by nothing more than a username and password. We're even seeing these being brute-forced.
Given all of the claim activity, carriers are in a seller's market and can tighten their underwriting guidelines in the hope of reducing claims for their insureds. I'm a massive proponent of MFA, primarily because I have been on far too many claims calls where MFA would have stopped a serious attack or funds-transfer fraud from ever happening.
I understand and empathize that it is often challenging to get buy-in from non-technical stakeholders. Still, hopefully these requirements will ultimately make the jobs of sysadmins and other IT professionals easier. You would presumably rather deal with rolling out MFA than with a ransomware or BEC call on a holiday or weekend.
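The two failure patterns described above, a privileged account authenticating with only a username and password and a login that succeeds after a burst of failures, are both visible in ordinary authentication logs. The following is an added example, not code from the AMA or from Coalition's own tooling: it runs a simple detection over a handful of constructed log records in a hypothetical format (timestamp, user, source IP, result, and whether a second factor was required). The privileged-account list, the failure threshold and the time window are assumptions chosen for illustration.

```python
"""Flag (1) privileged accounts that logged in without MFA and
(2) successful logins preceded by a burst of failures from the same
source (a brute-force success). Log format and records are constructed
for this example; they are not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Fields: timestamp user source_ip result mfa=yes|no
# (mfa=yes means a second factor was required for that login attempt).
SAMPLE_LOG = """\
2023-03-04T02:11:05Z sysadmin 203.0.113.7 FAIL mfa=no
2023-03-04T02:11:06Z sysadmin 203.0.113.7 FAIL mfa=no
2023-03-04T02:11:07Z sysadmin 203.0.113.7 FAIL mfa=no
2023-03-04T02:11:08Z sysadmin 203.0.113.7 FAIL mfa=no
2023-03-04T02:11:09Z sysadmin 203.0.113.7 FAIL mfa=no
2023-03-04T02:11:10Z sysadmin 203.0.113.7 FAIL mfa=no
2023-03-04T02:11:12Z sysadmin 203.0.113.7 SUCCESS mfa=no
2023-03-04T08:58:40Z bob 198.51.100.22 FAIL mfa=yes
2023-03-04T08:58:55Z bob 198.51.100.22 SUCCESS mfa=yes
2023-03-04T09:00:00Z alice 198.51.100.20 SUCCESS mfa=yes
2023-03-04T09:03:10Z svc_backup 198.51.100.21 SUCCESS mfa=no
"""

# Assumed list of high-privilege accounts; in practice this comes from the directory.
PRIVILEGED = {"sysadmin", "svc_backup"}
FAIL_THRESHOLD = 5             # assumed: failures before a success looks like brute force
WINDOW = timedelta(minutes=10)  # assumed: only failures this recent count


def parse_log(text):
    """Parse the constructed log format into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result, mfa = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "success": result == "SUCCESS",
            "mfa": mfa == "mfa=yes",
        })
    return sorted(events, key=lambda e: e["ts"])


def find_password_only_privileged(events):
    """Privileged accounts that completed a login with no second factor."""
    return sorted({
        (e["user"], e["ip"])
        for e in events
        if e["success"] and not e["mfa"] and e["user"] in PRIVILEGED
    })


def find_brute_force_successes(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Successes preceded by >= threshold failures from the same (ip, user)
    inside the window. The event list must be in timestamp order."""
    recent_fails = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    hits = []
    for e in events:
        key = (e["ip"], e["user"])
        fails = recent_fails[key]
        # Forget failures that fall outside the sliding window.
        while fails and e["ts"] - fails[0] > window:
            fails.pop(0)
        if e["success"]:
            if len(fails) >= threshold:
                hits.append({"user": e["user"], "ip": e["ip"],
                             "ts": e["ts"], "failures_before": len(fails)})
            fails.clear()
        else:
            fails.append(e["ts"])
    return hits


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for user, ip in find_password_only_privileged(events):
        print(f"password-only privileged login: {user} from {ip}")
    for hit in find_brute_force_successes(events):
        print(f"brute-force success: {hit['user']} from {hit['ip']} "
              f"after {hit['failures_before']} failures at {hit['ts']}")
```

On the sample records this flags the sysadmin login from 203.0.113.7 (six failures, then a password-only success) and the svc_backup service account, which never used a second factor at all. Bob's single typo before a successful MFA login is not reported. One caveat: keying on (ip, user) catches a brute force against one account but not a password spray, where one source tries a few passwords against many accounts; to catch that, key the failure counter on the source IP alone and raise the threshold.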
5. The future of cybersecurity
I don't think cyber risk will ever become anything less than a potentially existential threat to companies and individuals. We live in a digital age, which has made cybercrime ridiculously lucrative. You can see this in how many companies have bought or tried to purchase cyber insurance over the past two years, and in how much more capacity there now is for it.
Unfortunately, many companies still don't have cyber insurance. Some estimates say that only 10 to 15% of SMBs carry it. Yet those businesses still run on computers and face the risk of BEC and ransomware events.
Protect your business with Coalition cyber insurance
Ultimately, at Coalition, our goal is to keep our insureds safe online. We keep a close eye on our policyholders and react immediately to their vulnerabilities. If we find risks in the technology they use, we notify our policyholders and offer remediation suggestions. Our quick responses mean our policyholders have fewer claims overall.
Coalition offers a wealth of resources to help businesses implement good cybersecurity practices, including our Cybersecurity Guide, which outlines the key tenets of a cybersecurity program, a critical factor in reducing your organization's cyber risk.
For questions about Coalition's claims process, or to be connected to a broker, reach out to our team.
Are you a broker interested in offering Coalition cyber insurance to your clients? Click here to get appointed.