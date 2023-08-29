IT

Internet

See all Internet

IT

See all IT

Mobile Tech

See all Mobile Tech

Security

See all Security

Technology

See all Technology

Newsletters

See all Newsletters

Cyber Insurance Costs Rising, Coverages Shrinking: Report

IT Managers

Rates for cyber insurance policies continue to rise while a growing number of exclusions are shrinking what’s covered by them, according to a report released Tuesday by a cybersecurity company.

Nearly four out of five (79%) of the more than 300 organizations in the United States surveyed by Censuswide for privileged access management provider Delinea saw their insurance costs increase, while more than two-thirds (67%) noted their cyber insurance premiums had increased 50% to 100% when they applied for or renewed their policies this year.

“Over the past year, it’s become evident that cyber insurers are learning from their data and are now maturing,” Delinea Chief Security Scientist and Advisory CISO Joseph Carson said in a statement.

He explained that in the early days of cyber insurance, insurers were just trying to address a huge demand, but now they realize they must reduce their exposure to both avoidable and uncontrollable circumstances.

“Our survey results find that most organizations are not approaching cyber insurance with the same diligence — they are simply looking to get covered,” he continued. “What they’re not checking is whether the policy they had last year is what they need now or if their policy changed at renewal.”

“This ‘cyber insurance gap’ could put a lot of organizations in a tough place when a cybersecurity incident occurs, and they want to utilize this financial safety net,” he added.

Risk assessment and cyber insurance will always be in flux, the same way threat vectors evolve, explained Bud Broomhead, CEO of Viakoo, a provider of automated IoT cyber hygiene in Mountain View, Calif.

“Recent changes such as the shift of threat actors exploiting vulnerable IoT/OT devices and more open source vulnerabilities are driving insurers to adapt their risk models and to also impose conditions on the insured, such as requiring automated cyber hygiene for non-IT devices and systems,” he told TechNewsWorld.

Exclusion Explosion

One way that insurers are reducing their exposures when writing cyber insurance policies is by limiting their coverages through exclusions. The Delinea report found that the list of exclusions voiding coverage in a cyber policy is growing.

The top reason given by the survey’s respondents for excluding coverage in a policy was a lack of security protocols in place (43%), followed by human error (38%), acts of war (33%), and not following proper compliance procedures (33%).

Exclusions can lower the worth of having cyber insurance in the eyes of an organization. “Any exclusion that excludes social engineering scams or human error essentially kills that policy, because most cyberattacks are related to those two root causes,” maintained Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla.

“Seventy to 90 percent of all successful cyberattacks involve social engineering,” he told TechNewsWorld. “Any exclusion that excludes social engineering is essentially giving you almost no chance of getting reimbursed.”

Exclusions reduce the overall value of a policy because they reduce the true scope of coverage, added Jason Dettbarn, founder and CEO of Addigy, maker of an Apple device management platform in Miami.”

“More importantly, though, very few companies meet the core underwriting requirements,” he told TechNewsWorld. “They don’t have the right cyber/IT management tools or processes in place internally.”

Onus on Victims

Carson told TechNewsWorld that the increasing list of exclusions and limitations means organizations must understand the fine print within the policies to ensure their claim will be approved.

“If organizations don’t follow the policy claim procedure, they could find themselves with certain incident or data breach costs that might not get covered as part of the claim, so it is critical to know the correct procedure before you need to use it in the middle of a cyberattack,” he said.

“The big question will be how many of those exclusions will hold up in court after the key court case earlier this year with Merck winning regarding the ‘hostile/warlike action’ exclusion clause shouldn’t be applied to a cyberattack on a non-military company — even if it originated from a government,” he added.

Darren Williams, CEO and founder of BlackFog, a developer of an on-device, anti-data exfiltration technology in Cheyenne, Wyo., asserted that the escalating costs of cyber insurance are taking its toll on all businesses globally.

“We are seeing many small businesses choose to no longer have any coverage due to the number of exclusions, but rather invest in preventative cybersecurity solutions,” he told TechNewsWorld.

“As indicated by this research,” he said, “human error is unavoidable and one of the leading causes of ransomware attacks, and acts of war can be interpreted very broadly if desired by insurers.”

“In addition,” he continued, “exclusions combined with recent announcements from states banning ransomware payments make insurance of limited value.”

“Ultimately, the onus is on the victim to prevent data exfiltration, and therefore, the risk to the business needs to be carefully weighed,” he added.

Operational Necessity

Nevertheless, organizations that eschew cyber insurance do so at their own peril. “Cybersecurity is near mandatory for any business that holds customer data and is at risk of a data breach or ransomware attack,” Dettbarn observed.

“Today, cyber insurance is highly recommended,” said Theresa Le, chief claims officer at Cowbell, a provider of AI-powered cyber insurance for SMBs in Pleasanton, Calif.

“Even with the best cybersecurity efforts, businesses still face residual cyber risks due to system misconfigurations, employee errors, or other unintentional security gaps,” she told TechNewsWorld. “It is increasingly common for cyber coverage to be required in contractual agreements.”

Carson noted that one of the most surprising statistics from the report is the increase in organizations that used their cybersecurity insurance more than once, from 41% in 2022 to 47% in 2023.

“This once again shows that cyber insurance does not necessarily mean better security, and it is a financial safety net when security incidents do occur,” he said.

“On the positive side,” he continued, “insurance providers are maturing with improved data and insights into what is required to make businesses more resilient against cyberattacks, and their policies are now requiring better security best practices from businesses before they can even become insurable.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
A team of information technology professionals
New US Initiatives Aim To Better Defend Against Cyberattacks
August 15, 2023
information technology professional monitoring computer network
Cyber Chiefs Brace for Major Attacks in Next 12 Months
May 9, 2023
proxyjacking IP addresses
Hackers Are Cashing In With Hijacked IP Addresses
April 4, 2023
More by John P. Mello Jr.
view all
A new report on identity theft reveals an alarming increase in suicidal thoughts among victims, emphasizing the profound personal toll of ID theft.
Growing Number of ID Theft Victims Mulling Suicide, ITRC Reports
August 23, 2023
artificial intelligence
Generative AI Riding Crest of Gartner Hype Wave
August 17, 2023
AI in business
Experts Say Workplace AI Bans Won’t Work
August 16, 2023
robocall incoming on a smartphone
Researchers Reveal Method To Stifle Malicious Robocalls
August 10, 2023
AI to fight internet predator crimes against children
AI Drafted in War on Online Crimes Against Kids
August 9, 2023
MBA graduates in 2023 are attracted to helath care and AI startups
MBA Grads With Startup Ambitions Attracted to Health Care, AI
August 2, 2023
green software practices for environmental sustainability
Devs, IT Leaders Urged To Embrace Climate-Conscious Coding Practices
August 1, 2023
green business, ESG, environmental, social, and governance
Google Green Report: Sustainability Wins, Water Goals Remain Elusive
July 26, 2023
Twitter rebranded as X
Musk Rolls Dice With Drastic Rebranding of Twitter
July 24, 2023
young man on a videoconference
Scammers Posing as Bioscience Firms Target Student Job Hunters
July 19, 2023
More in IT
CCI Kenya
CCI Kenya Talks Automation and Importance of Human Touch for E-Commerce
August 17, 2023
Low-Code/No-Code platforms for manufacturers to utilize artificial intelligence and machine learning.
How Low-Code/No-Code Platforms Can Help Manufacturers Embrace IoT
August 11, 2023
business conflict
AppSec, Devs Clash Flags Need for Paradigm Shift in Software Industry
July 5, 2023
organizations can now control a secure enclave on a remote worker's personal computer
Venn Unveils Secure Enclave Tech To Control Remote Work Computers
June 28, 2023
Tech Talent Trend: Hiring Eased, Upskilling in Limelight
June 26, 2023
computer programmers analyzing cybersecurity systems
HP Addresses Rising Security Threats Before an AI-Driven Wave of Pain
June 26, 2023
technology in healthcare
Redefining Health Care: Integrating Tech for a Consumer-Centric Focus
June 22, 2023
binder of standards and compliance
Calix Doubles Down on Genuine Industry Standards
May 9, 2023
HP Amplify Partner Conference, March 29, 2023 in Chicago
HP Affirms ‘Better Together’ at Its Amplify Event
April 5, 2023
Business Conditions Prime for More Open-Source Contributors
March 15, 2023

Do you support audio-video monitoring in K-12 classrooms?
Loading ... Loading ...

Technewsworld Channels

Applications

Applications

How Low-Code/No-Code Platforms Can Help Manufacturers Embrace IoT

Audio/Video

Audio/Video

Back to School Tech Buying Advice for Parents

Chips

Chips

Intel’s Return to Profitability Is Critical to Its Forward Momentum

Computing

Computing

When Betting on Linux Security, Look at the Big Picture

Cybersecurity

Cybersecurity

New US Initiatives Aim To Better Defend Against Cyberattacks

Data Management

Data Management

Google Green Report: Sustainability Wins, Water Goals Remain Elusive

Developers

Developers

Devs, IT Leaders Urged To Embrace Climate-Conscious Coding Practices

Emerging Tech

Emerging Tech

Experts Say Workplace AI Bans Won’t Work

Exclusives

Exclusives

Is Generative AI the Next Big CX Thing Despite Its Risks?

Gaming

Gaming

Alienware Power Trio Suits Gamers and Work Go-Getters

Hacking

Hacking

Scammers Posing as Bioscience Firms Target Student Job Hunters

Hardware

Hardware

Microsoft 365 Copilot: Are You Ready for Your Personal AI?

Health

Health

MBA Grads With Startup Ambitions Attracted to Health Care, AI

Home Tech

Home Tech

Winees L1 2K Solar Security Camera Has Good Performance, Flawed App

How To

How To

Leverage the Power of Data To Monitor Home Energy Efficiency

Internet of Things

Internet of Things

Unresolved Conflicts Slow eSIM Upgrade Path to Better IoT Security

IT Leadership

IT Leadership

If Only Documentation Looked as Clean as the Code

Malware

Malware

HP Addresses Rising Security Threats Before an AI-Driven Wave of Pain

Mobile Apps

Mobile Apps

A Comprehensive App Development Strategy for Business Success

Operating Systems

Operating Systems

Rhino Linux Unleashes First Rolling Release Ubuntu Stable Edition

Privacy

Privacy

Researchers Instantly Crack Simple Passwords With AI

Reviews

Reviews

Apple Vision Pro and Why the Goovis G3 Max May Be Better

Science

Science

Redefining Health Care: Integrating Tech for a Consumer-Centric Focus

Search Tech

Search Tech

Google Invites Public To Test Drive Its AI Chatbot Bard

Servers

Servers

Gaming Industry Know-How Created AMD’s Winning Data Center Strategy

Smartphones

Smartphones

Why Samsung Needs Apple To Validate Foldable Smartphones

Social Networking

Social Networking

Musk Rolls Dice With Drastic Rebranding of Twitter

Space

Space

DARPA Moves Forward With Project To Revolutionize Satellite Communication

Spotlight Features

Spotlight Features

Modern EdTech Goes Beyond Coding to Career Preparedness

Tablets

Tablets

One More Thing…Apple Unveils Vision Pro Mixed-Reality Headset at WWDC23

Tech Buzz

Tech Buzz

Researchers Reveal Method To Stifle Malicious Robocalls

Tech Law

Tech Law

The Problem With Suing Gen AI Companies for Copyright Infringement

Transportation

Transportation

Study Finds EV Battery Replacement Rare, Most Covered by Warranty

Virtual Reality

Virtual Reality

Apple Vision Pro: Gateway to a New Computing Future

Wearable Tech

Wearable Tech

Poly Voyager 60 Series Earbuds Provide a Premium Audio Experience

Women In Tech

Women In Tech

‘Women Don’t Play’ Confronts Gender Disparity in the Tech Industry

More from ECT News Network

E-Commerce Times

Bridging the SMB-Enterprise Retail Gap With Gen AI
Bridging the SMB-Enterprise Retail Gap With Gen AI
August 24, 2023
2023 Holiday Sales Outlook Not Making Merchants Merry
2023 Holiday Sales Outlook Not Making Merchants Merry
August 22, 2023
The Container Store Enlists Vibes for Smart Mobile BTS Marketing
The Container Store Enlists Vibes for Smart Mobile BTS Marketing
August 8, 2023

LinuxInsider

When Betting on Linux Security, Look at the Big Picture
When Betting on Linux Security, Look at the Big Picture
August 28, 2023
Rhino Linux Unleashes First Rolling Release Ubuntu Stable Edition
Rhino Linux Unleashes First Rolling Release Ubuntu Stable Edition
August 15, 2023
More Fintech Players Cashing in on Open-Source Offerings
More Fintech Players Cashing in on Open-Source Offerings
August 10, 2023

CRM Buyer

Salesforce Starter Is Integral To Cover the CRM Waterfront
Salesforce Starter Is Integral To Cover the CRM Waterfront
August 24, 2023
Oracle Advances
Oracle Advances
August 15, 2023
Customer Retention by Extraordinary Means Is Not CRM
Customer Retention by Extraordinary Means Is Not CRM
August 4, 2023