Let’s start at the beginning. Your organization just qualified for cybersecurity insurance. In addition, you probably noticed your premium increased. In 2016 alone, insurance rates increased 26%, and in 2020 they rose 47%, per the U.S. Government Accountability Office (source). Based on both anecdotal information and estimates online, 2021 has seen record-setting increases. It makes perfect sense to invest in cybersecurity insurance when you see data like, “…cyber crime expected to go from $1 to $6 trillion in 2021.” (source).
And it’s true: cyber insurance helps organizations (healthcare specifically) manage the fallout when cyberattacks do occur. However, it’s vital to remember that having cybersecurity insurance is not a replacement for having a robust cybersecurity plan. Cyberattacks evolve in sophistication and frequency, meaning both growing risks and larger payouts from victims. Most importantly, this means that obtaining cyber insurance in the first place is becoming increasingly difficult and expensive.
Understandably, in the face of the current cybersecurity climate, insurance companies are demanding that organizations applying for insurance have more rigorous cybersecurity practices. What’s more: if your company doesn’t comply with the terms of the cyber security policies, you may not be covered in the event of an attack (even if you have been actively paying for cyber insurance).
Have you asked the question: Do I need to do anything more than just carry insurance in case of a cybersecurity attack?
Ask yourself this: was your cybersecurity insurance questionnaire answered truthfully? Some people copy and paste “yes” on one hundred consecutive questions and expect it to yield a policy that will cover them. In reality, if your answers to the questionnaire do not match reality, you will end up with a piece of paper (faulty cybersecurity insurance) that will likely not pay out if an actual incident occurs within your organization.
If a significant incident occurs, you will likely be dropped by your insurance company. You’ll then find it very difficult to find someone to cover you. Depending on your industry and what regulations apply, this could result in your business’s end.
OK, enough of the doomsday scenario. There is an easy and viable solution! Don’t ignore your cybersecurity plan; invest time and resources into its success. Hear us loud and clear: cyber insurance does not replace the need for a cybersecurity program. Just because your organization is qualified for cyber insurance does not mean you can sleep on cybersecurity. Focus, invest, and you will yield positive results for your business.
PK Tech provides managed IT and cybersecurity services for small to medium-sized businesses in the Greater Phoenix Area. If we can support your business in any way, contact us here.