“…Only two types of companies exist: those that have been hacked and those that will be hacked…” What category does your organization fall into?
That opening quote is an alarming line from a 2021 report from Howden, a leading international insurance group. Indeed, according to Howden, we’re living through multiple pandemics. Not only are we living through the COVID-19 pandemic, but we’re also suffering through a ransomware pandemic:
“2020/21 will forever be synonymous with COVID-19. But it will also be remembered for another (digital) pandemic that has transformed the cyber threat landscape: ransomware. The frequency and severity of ransomware incidents have grown considerably over the last year, with cybercriminals deploying new tactics and techniques to achieve one simple goal: to make money…”
The report talks of rampant ransomware with attacks in the fourth quarter of 2020, with incidents up 170% compared to the first quarter of 2019. Moreover, ransomware costs rose 145% in 2021 compared to 2020, with insurance rates also climbing by 30%.
Due to soaring risk and claims, more and more insurers are raising their premiums and adjusting their policies. For some, this even includes the requirement to demonstrate a functioning security program and to show that technical controls are in place. For those with a previous claims history, insurance companies may even deny renewals. According to a Reuters report from summer 2021, AIG is one of the insurers who have raised their premiums:
“American International Group Inc is tightening terms of its cyber insurance, noting that its own premium prices are up nearly 40% globally, with the largest increase in North America…”
The elevated risk is impacting many industries, as the Howden report explains:
“…Exposures are growing rapidly and now cut across virtually every aspect of business. Whereas risks were concentrated initially around third party data protection and privacy liability, more recent incidents point to a shift towards first party extortion, business interruption, reputational harm and even physical damage. The surge in ransomware has been one of most consequential developments of the last 12 months, bringing about a sea change to the frequency and severity of attacks, and the cyber risk landscape more generally…”
That all sounds terrible, of course. So what can you do? Back to the Howden report: “The importance of being prepared for a cyber attack cannot be overstated.”
Be prepared!
Just as no driving school can genuinely promise that you’ll never get in an accident if you decide to learn with them, so it goes for cybersecurity. Unfortunately, no cybersecurity infrastructure in the world is 100% secure. Threats exist everywhere and with increasing regularity.
Yet, sensible driving can mitigate your risk of getting in an accident. And practical data security protocols and robust infrastructure can also help to reduce your risk of a cyber attack. Consistent backups can also reduce data loss and disruption in the event of a ransomware issue.
With insurance costs surging, mitigating your risk is going to become even more valuable. For example, imagine being able to show you’ve been breach-free for five years. That would likely reduce your premiums. Moreover, as mentioned, we’ve even heard of some organizations being unable to secure cyber insurance due to their risk levels.
Of course, reducing your risk is also better for your customers, PR and shareholders. Ultimately, it’s better for your bottom line—no matter your size or field. So if you’ve been putting off looking at your data security infrastructure, now is the time to act. We offer a no-judgement, no-obligation consultation and would be happy to review your needs with you. If you’d like to chat, please reach out.
Disclaimer
While we have made every effort to present accurate, unbiased and helpful information in this article, please note that it reflects the author’s opinion and is written for the purposes of general knowledge, information and discussion. This article is not intended as legal advice, nor should it be considered as advice specific to your individual data security situation. If you would like to discuss your cybersecurity needs in specific detail, please get in touch with us.
