The Increasing Importance of Cyber Liability Insurance
In the current digital age, Cyber Liability has become a primary concern for businesses across the globe. The frequency and severity of cyber attacks continue to escalate, and this trend shows no signs of abating. As companies increasingly digitize their operations and processes, they expose themselves to a multitude of cyber threats, highlighting the crucial need for comprehensive Cyber Insurance and robust Business Security measures.
A Snapshot of the Rising Cyber Threat Landscape
Growing Cyber Attacks
Businesses, particularly those with revenues exceeding $100 million, have experienced a notable surge in the number of cyber claims. In the first half of 2023, cyber claims rose by 12%, driven largely by an upswing in ransomware and funds transfer fraud (FTF). This increase was even more pronounced for large corporations, which witnessed a 20% rise in the number of claims and a staggering 72% increase in claims severity.
Rising Ransomware Claims
Ransomware claims frequency saw an unprecedented hike in the first half of 2023, escalating by 27% from the previous half-year, reaching a record high with a 117% increase over the previous year. Meanwhile, FTF claims frequency grew by 15%, with FTF severity increasing by 39%, leading to an average loss cost exceeding $297,000.
The Reality of Business Concerns and Practices
Cyber Threats Among Top Concerns
For nine consecutive years, cyber threats have ranked among the top three concerns for businesses, according to the annual Travelers Risk Index. In the 2023 iteration of the study, 58% of participants expressed significant concern about cyber-related issues.
Interestingly, despite being a leading cause of cyber-related claims, ransomware was ranked ninth among cyber-specific business worries. This is particularly concerning given the aggressive tactics employed by ransomware attackers, such as demanding exorbitant ransoms, deleting backups, and threatening to expose confidential data.
Even as the majority (90%) of businesses expressed confidence in their cyber practices, a significant 25% had not taken fundamental steps such as installing firewalls or virus protection and implementing data backup and password updates.
The Increasing Cost and Complexity of Cyber Breaches
Record High Cyber Breach Costs
In 2023, the global average data breach cost reached a record high of $4.45 million. This represented a 2.3% increase from 2022 and a 15.3% increase from 2020. The most expensive component of this cost was detection and escalation, indicating a shift towards more extended and complex investigations.
Impact of Data Breach Discovery
Data breach discovery played a significant role in the cost and impact of a breach. When organizations detected breaches internally, they were able to limit the impact significantly. However, only one-third of the companies surveyed discovered the data breach through their own security teams.
Mitigating the Effects and Costs of Cyber Breaches
Involving Law Enforcement
Involving law enforcement in the event of a ransomware attack can save money and shorten the lifecycle of the breach. The 37% of organizations that did not involve law enforcement incurred an additional $470,000 in expenses on average.
Leveraging Artificial Intelligence
Extensive use of AI and automation security capabilities can reduce the time required to identify and contain a breach by an average of 108 days. These organizations also reported $1.76 million lower data breach costs.
Focusing on Incident Response Planning and Testing
Organizations that prioritized incident response (IR) planning and testing saved $1.49 million over the year compared to those that didn’t. Yet, only 51% of organizations surveyed planned to increase security investments following a breach.
The Crucial Role of Cyber Insurance in Mitigating Cyber Risks
Increased Adoption of Cyber Insurance
The percentage of businesses that have been victims of a cyber event has more than doubled since 2015, leading to an increase in the number of companies with a cyber policy. However, small businesses (34%) remain the least likely to secure cyber insurance coverage.
The Value of Cyber Insurance
Cyber insurance offers businesses a safety net to mitigate the financial impact of a cyber attack. It provides coverage for costs associated with data breaches, including legal fees, public relations efforts, and customer notification and support.
The Rising Tide of Common Vulnerabilities and Exposures (CVEs)
Increase in CVEs
There has been a 13% increase in average monthly CVEs from 2022 to 2023, with more than 1,900 new CVEs expected each month this year. These include 270 high-severity and 155 critical-severity vulnerabilities.
Exploitation of CVEs
Once a CVE is known, attackers can target an organization within days. The majority of CVEs are exploited within the first 30 days of public exposure.
The Growing Threat of Ransomware
Ransomware Attacks on Databases
Databases exposed to the internet are often the starting point for many data leaks. The widely used databases Elasticsearch and MongoDB have recorded high rates of compromise, with 26% of all installations through MongoDB compromised by ransomware attacks.
Remote Desktop Protocol (RDP) Attacks
The most common remote-scanning protocol used by attackers is RDP. Many database servers run outdated software, making them easy targets for attackers leveraging old protocols with new vulnerabilities.
Essential Measures to Improve Cybersecurity
Regular Software Updates
Organizations should prioritize applying updates to public-facing infrastructure and internet-facing software within 30 days of a patch’s release. Regular software upgrade cycles can help mitigate vulnerabilities in older software.
Secure Communication Protocols
Organizations should use secure communication protocols to access their data and enforce multifactor authentication. Services should not be exposed to the internet.
The rising tide of cyber threats underscores the urgent need for businesses to prioritize cyber liability and invest in comprehensive cyber insurance coverage. Effective business security measures, coupled with a robust cyber insurance policy, can provide businesses with the necessary protection and peace of mind in today’s volatile cyber threat landscape.