On Friday July 8th an estimated 14 million customers were impacted by a widespread Rogers outage that interrupted wireless, cable and internet services across the country. The outage lasted throughout Friday’s business day and for some customers, continued over the weekend and beyond.
The experience wasn’t the same for everyone
In March of 2012, former FBI Director Robert Mueller said “I am convinced that there are two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that will be hacked again.” A decade and a pandemic later, his statement continues to ring true.
Attacks are becoming more pervasive and more successful.
Cyber-attacks are constantly making headlines. According to a recent survey of over 5,000 IT Managers in mid-sized organizations, 66% of organizations were hit by ransomware in the last year, up from 37% in 2020. The survey also revealed that 65% of attacks were successful at encrypting data, up from 54% in 2020.
Businesses have been flocking to cyber insurance
It’s no surprise that we’re witnessing more and more organizations seek risk transfer approaches in the form of cyber insurance to protect their business.
Though not new in a traditional sense (as cyber insurance has been available to some degree for over 20 years), cyber insurance continues to evolve just like the IT solutions designed to prevent them. As such, having coverage today does not guarantee that you will still be eligible for coverage in the future. Also, new products are being developed creating discrepancies in what some policies cover and what clients think is covered.
Cyber insurance is evolving
As cyber-attacks become more common, insurers experience significant losses in their Cyber Insurance portfolio. When an insurer continues to sustain a loss due to an identifiable action, they will take corrective action to address the situation to limit their exposure.
The corrective actions taken for cyber insurance have been:
- Removing or reducing policy limits/coverages
- Exiting the cyber insurance market
- Attempting to reduce their risk by creating and enforcing policy eligibility requirements
Altogether, these trends mean that:
- Cyber insurance is becoming more expensive
- Cyber insurance is more difficult to get / be eligible for
- New “partial coverage” cyber insurance products are being introduced
It’s more important than ever to deeply understand cyber insurance. If you have a policy, you need to be sure that you have the coverage you expect (not just partial or limited coverage) and that your business meets the IT security practice requirements for eligibility so you will be covered in the event of an incident.
If your policy is coming up for renewal, it’s important to prepare in advance. Speak with your provider about how the security practice eligibility requirements have changed so you can prepare before your policy renews.