Should You Invest in Cyber Insurance?
The digital age has brought many positive changes to how people do business. Companies of all industries and sizes rely on electronic storage for their data, be it on computer hard drives or the internet. Online access and commerce is also flourishing; in the next couple years, over 5 billion people worldwide will have access to the internet. Yet despite all the benefits, there is one major drawback to the internet system: the growing risk of cyber crime. Hopefully cyber insurance can help cure some of these ills.
Cyber attacks are on the rise. In 2020, daily ransomware attacks increased by 50%. Ransomware is the most common method of attack; the damages resulting from ransomware have increased 7,000-fold over a 5 year span. In 2015, damages were valued at $24 million. In 2020, that number ballooned to $170 billion. Nowadays, cyber crime can be compared to the 3rd largest economy on Earth.
No business is completely safe from cyber crime. Even corporate giants can be compromised. When meat-processing giant JBS was targeted, they paid the largest known ransom in a cyber attack, at $11 million. Acer was attacked for a demand of $50 million, the largest known demand in a ransomware attack. While it may be policy for the FBI to suggest not paying ransom to hackers, it puts the company between a rock and a hard place when their operations are halted by malware.
How Prepared is Your Business?
Businesses are unprepared for cyber attacks. This is especially true of small to midsize businesses (SMBs). In the past year, 66% of SMBs were the prey of at least one cyber attack. Of those successfully targeted, 60% of SMBs go out of business within 6 months after a data breach or attack. The cause of their bankruptcy goes beyond the initial ransom payment. Replacing or recovering the infected devices can be expensive. Productivity suffers when systems are shut down by malicious actors. Halted operations cost the business revenue. Furthermore, customers are distrusting of businesses they know were compromised in a cyber attack. A lost customer is a lost lifeline.
Given the high cost of recovery from a cyber attack, businesses of all sizes are taking out cyber insurance policies to protect themselves. For SMBs, cyber insurance policies usually cover up to $1 million in damages. Damages covered include profit lost to halted operations or reputation damage, liabilities arising from contract penalties or media fines, and lawsuits like class-actions and regulatory investigations. For businesses, this coverage can mean the difference between survival and bankruptcy.
It should be noted, however, that cyber insurance doesn’t cover everything. Many insurance providers won’t pay to replace damaged or “bricked” devices. Long term profit losses after a cyber attack are difficult to attribute solely to said cyber attack and may not be covered. Many insurers have also stopped covering the cost of ransoms as well, both for affordability and legal reasons. Despite these gaps, many businesses still view cyber insurance as an invaluable asset. While cyber security prevents attacks, cyber insurance ensures the successful attacks won’t be fatal to companies.