Cybercrime remains the single biggest organisational risk to businesses in 2023. To understand the current dynamics we must first look back to 2022. Last year saw a continued deterioration of the cyber insurance landscape, despite the added resilience of improving cybersecurity and increased pressure on cyber gangs from western law enforcement. Ransomware attacks continued to occur whereby hackers would encrypt victims' data and typically offer a passcode to retrieve it in return for cryptocurrency payments. It has become the attack of choice for cyber criminals, who previously favoured stealing data and selling it to third parties.
The insurance market was quick to respond. In addition to substantial premium and excess increases, insurers were extremely selective on the profile of their clients. Additional focus was being placed on cybersecurity hygiene. It has now become a pre-requisite to have robust internal cyber protection in place to be able to obtain any cover whatsoever. Companies need to be proactive in assessing and enhancing their cybersecurity protocols and conveying this clearly when applying for coverage.
There is however good news on the horizon. The pricing of cyber has begun to moderate and whilst insurers remain focused on cyber hygiene they also looking to pre-empt impacts of systemic events. Cyber policies have become far more than an insurance product. As part of our consultative approach, our insurer partners will look to use threat intelligence to help our clients identify when they are being targeted by cyber criminals, essentially helping them mitigate an issue before a claim occurs.
As good housekeeping, we would expect to see the following risk management in place for every client looking to apply for cyber insurance:-
- Suitable antivirus software. Antivirus software can prevent cyberattacks that involve malware, so it’s important to invest in a suitable product.
- Robust VPN. Similarly, VPNs can protect you from hackers and DDoS attacks.
- Firewall. Firewalls can prevent and detect cyberattacks coming from outside of or within your company. Activating your company emails’ spam filters can also prevent phishing scams.
- Data encryption. Encrypting your data is another effective way to protect your business from cyberattacks, especially if you have remote workers. Encryption prevents anyone besides authorised individuals from accessing company files.
- Good password hygiene. While you can’t control how every employee handles their digital security, you can encourage them to practice good password hygiene, especially on their workplace accounts. There are plenty of tools available to help them achieve this.
- Two factor authentication. Multifactor authentication uses biometrics (or password controlled) to verify the identities of employees logging on to their computers, ensuring no one besides authorised users can access your system.
The insurance industry remains an integral part of the solution to the ever-changing systemic cyber risks we face. The outlook has been bleak whilst insurers adjust to today’s more intensive threat landscape. Despite this, there appears to be a cautious optimism about the future of cyber coverage. There have been several new entrants into the UK cyber insurance market over the last few months and we believe as companies improve their cyber risk management, rate increases can be calibrated on a case-by-case basis, rewarding clients with strong cyber hygiene.
Vizion remain committed to providing access to innovative products and services to support cyber resilience and assist our clients in maximising the value in cyber insurance protection.
Should you wish to discuss your individual needs or requirements with us, please do so using the contact information below.