There are two types of companies – those who have been hacked and those that will be. – Former FBI Director Robert Mueller.
Some people modified that quote to read – those who have been hacked and those that don’t know that they have been hacked.
Whichever version of this saying you prefer, it has created a stampede to the cyber insurance market.
In the beginning, say around 2015 and earlier, insurers were paying out around 40% of premiums for claims and they were happy.
Last year they paid out around 80% with no slowdown in sight and to say that they are unhappy would be polite.
Some insurers have left the market.
Until recently, the restrictions on insurance were few and the coverage was robust. Insurers did not have the data and did not understand the risk. They are getting a very quick and expensive education.
So, if you are hoping that insurance will be your salvation, you might want to reconsider that. Lloyd's created 4 standard “act of war” exclusions for their agents to include in policies. Your breach may well be considered an act of war. Even if you win in court, it will be a long and expensive fight.
So what should you do?
Well, I would not recommend cancelling your insurance policy even though it is not perfect.
What you need to do is mitigate the risk since you cannot reduce the threats.
You buy insurance because you are not sure that you are fully protected from attack and loss.
Insurers have already started calculating that loss probability using a variety of tools. If you don’t meet their risk profile, they will not offer you coverage.
Think of it like automobile insurance. Sure, they will fix your car, more or less, if you are in an accident. They will even pay your hospital bills. Does that make you more likely to want to get into a car accident? I didn’t think so.

Credit: Threatpost
So, if you are thinking that it is time to improve your cybersecurity program, give us a call. Even if you are able to get insurance next year, that doesn’t make an incident any more pleasant.