Cyber insurance myths have historically slowed down the adoption of cyber insurance. Even though this line of insurance has been on the market for several decades – its origin dates back to the 1990s – it has only recently gained recognition as an important, standalone line in the general insurance industry. The reasons are obvious: the uptick in the frequency and severity of cyberattacks has been unsettling and many businesses are turning to cyber insurance for added support to respond to the threats.
But there still exist myths and prejudices. Educating agents and policyholders on those and why they might not hold true is an important step in raising awareness around the importance of cyber insurance.
1. Cyber Insurance Myth: Small businesses don’t get targeted by cybercriminals
It is one of the most common and dangerous misconceptions that small and medium-sized businesses (SMBs) don’t need to protect themselves against cyber attacks. In fact, all companies, no matter their size or industry, are susceptible to attacks and can fall victim with just one click on a malicious email, or one misconfigured cloud service. Unfortunately, those phishing emails get sent out by the thousands to randomly generated email addresses, and cybercriminals have moved to sophisticated software that scans the web for security gaps in companies, like cloud misconfigurations. The size of the company they manage to infiltrate only plays a secondary role to them.
The numbers speak for themselves:
- 1 in 3 breaches involve SMBs – (source: report by the SSL Store, a cybersecurity news provider)
- 424% increase in new small business cyber breaches in 2020 (source: Lockton, July 2020)
- A small business is hacked roughly every 19 seconds (source: Lockton, July 2020)
- 43% of SMBs don’t have any type of cybersecurity defense plan set up.
- Only 14% of small businesses believe that they have a highly effective defense plan.
The above numbers are alarming. With the chance of any SMB falling victim to cybercrime being 48%, a cyber insurance policy is a must in order to prepare for incidents and expedite the recovery.
The resulting losses from a successful attack, including ransom payments, business interruption, notification costs, and more, are simply too high and not a chance anyone should take (Cowbell recently created an infographic on the costs of cyber incidents).
2. Cyber Insurance Myth: Data breach endorsements on a P&C commercial policy protects businesses from cyber risks
This could not be further from the truth. Data breach endorsements cover data breaches, period. Not the many other types of cyber incidents that plague businesses in 2021: ransomware, cybercrime, fraudulent fraud transfer. Endorsements are typically sub-limited – as low as $50k or $100k for a data breach endorsement on a Business Owner Policy (BOP), which is insufficient to cover most incidents.
And cybercrime is evolving at incredible speed. Ransomware attacks for example, which now are one of the most common – and most expensive – types of cyberattacks, were barely in play two years ago. The economy witnessed a 486% increase in ransomware attacks from 2019 to 2020.
We should be ready for new forms of attacks to emerge on a regular basis. BOPs do not keep up with the evolving threat landscape, which can mean detrimental consequences after a business falls victim but the type of attack is simply not covered. With a standalone policy, you can be sure that underwriters are knowledgeable about cyber and will update their coverages accordingly.
3. Cyber Insurance Myth: Cyber insurance never pay claims made
This myth plays directly into the above. Without a standalone cyber policy, you are at increased risk of your claim being rejected or sub-limited. But with dedicated coverage, this assumption doesn’t hold true.
The key to debunking this myth is coverage clarity. Without it, policyholders can never be certain on what exactly gets covered and what doesn’t. It makes it obvious to both parties what is insured, and to what extent. Avoiding the complex cyber (and insurance) jargon is critical. Cowbell values transparency and makes it a point to explain coverages and endorsements in a way that makes it easily comprehensible, even for non-cyber experts.
Additionally, our Territory Account Managers are of help whenever agents or policyholders have questions about policies or coverages. They are your point of contact for any issues and questions, and together we can make sure that your business is insured against the type of cyber incidents that it wants and needs coverage on. You find your personal point of contact on our website.
The fact is that 97% said their cyber insurance was adequate to cover their incident costs according to research from the Insurance Information Institute.
4. Cyber Insurance Myth: If I buy cyber insurance, I won’t have to worry about cybersecurity anymore.
This myth is not only false, it could mean immense financial damage to a company and its insurance provider.
Cyberattacks have become more common, more complex, and more technologically advanced. The only way to mitigate the risk of falling victim to them is by maintaining basic cybersecurity hygiene.
This includes the implementation of Multi-factor Authorization (MFA) on all devices, systems, and cloud applications, cybersecurity awareness training for employees, and conducting frequent backups of all systems that contain sensitive data.
Some cyber insurance providers won’t even insure a business that doesn’t have one or several of those measures already put in place.
Something that keeps businesses from implementing those steps is that they are not even aware of the cyber risk they are exposed to. That is why Cowbell created proprietary risk rating factors, Cowbell Factors™, that do just that. They use millions of data points, including inside-out, and outside-in data, as well as dark web scans, to evaluate every business we provide insurance to. Divided into 7 areas, Cowbell Factors™ illustrate a company’s risk profile in an easy-to-understand manner. Cowbell also generates an industry aggregate for peer benchmarking. This helps policyholders gain an understanding of their organization’s risk profile and insurance needs. Cowbell’s risk rating is available for every business at no charge.
Once one of Cowbell’s cyber policies is purchased, policyholders gain even more value. Our Cowbell Connectors™ open a deeper evaluation with refined insights shared with policyholders along with guidance on how to address security weaknesses.
Lastly, Cowbell created a partner ecosystem with field experts to enable closed-loop risk management for all policyholders. This enables businesses to interact with data aggregators, cloud providers, cybersecurity platforms, and many more, in order to properly protect their business.
We also offer complimentary cybersecurity awareness training provided by Wizer for every employee.
Lastly, should a claim still happen, Cowbell will work with our incident response team to support impacted parties through every step from the moment an incident is discovered. It consists of a breach coach, ransomware negotiators, and forensic teams, among others, and will help to get your business back up and running as soon as possible after the incident has happened.
5. Cyber Insurance Myth: You don’t need to worry about cyber incidents if your digital infrastructure is in the cloud.
After everything stated above, It shouldn’t be a surprise that this myth is false as well. In fact, misconfigured cloud services are a common way for cybercriminals to infiltrate businesses’ systems.
A common attack technique is to actually scan the web day and night, looking for safety gaps. And even if a misconfiguration isn’t the reason for a successful attack, the data on the cloud can still be compromised.
That’s why frequent backups of data and systems to a device ideally not connected to the internet are so important. It protects the company and its customers, partners, and vendors from their data being unrecoverable.
Cowbell collects a rich set of data that we share with our policyholders to give them better insights into their individual cyber risk and help with choosing specific coverages.
For any questions or concerns regarding cyber insurance and Cowbell’s standalone coverage, or if you are looking for a broker who can issue you a policy, contact us at [email protected].