Cybersecurity risk is on the rise: How agencies are responding
In 1971, Bob Thomas wrote a program designed to jump between computers connected to a primitive network. As it travelled, it announced itself with the message “I’m the creeper; catch me if you can.”
This innocent message that spread among computers is the ancient ancestor of today’s cyber crime. Our daily news is inundated with stories of breached data, ransomware attacks, and installed malware that can take down a company's entire system. In a 2020 report, CyberSecurity Ventures predicts that global cyber crime will increase by 15% each year, resulting in a staggering $10.5 trillion by 2025.
These statistics highlight the need for businesses of all sizes to protect their data and systems from theft and disruption. Data protection measures alone are no longer enough to secure company and customer information from a sophisticated, criminal enterprise intent on taking what is not theirs.
The insurance industry is adjusting to this rapid increase in criminal cyber activity by designing policies that directly address the financial burdens commercial clients face in the digitized world. According to the GAO, the number of cyber-specific insurance policies increased from $2.2 million in 2016 to $3.6 million in 2019, a 60% increase. Yet, in 2019, only 31% of small- and medium-sized businesses had cyber insurance protection.
Commercial clients are vulnerable to cyber attacks
Despite the expanding need for protection and choices for stand-alone policies, some agencies still find it difficult to convince their clients to buy cyber security coverage. One reason is that some businesses have not been fully educated on the exposure and risks they face by plugging into the internet. Stories of ransom demands, data theft, personal information exposure, and malware attacks inundate the news, but many commercial customers remain highly vulnerable.
A recent Cisco cyber security analysis reports 83% of small- and medium-sized businesses are not prepared financially to recover from a cyber attack, and nearly half of these businesses had to shell out an average of $25,000 in the aftermath. These figures highlight the need for commercial business clients to invest in cyber policies to protect their interests. Commercial clients may also feel that they will not be attacked because their data does not interest hackers and cyber criminals. Yet it is this misunderstanding that makes small businesses a prime target for hackers, who are constantly looking for vulnerable and unprepared systems. Nathan Little, Vice President of Digital Forensics for Tetra Defense responded to this expensive misunderstanding in a recent article: “Cyber crime is very opportunistic. Every company, no matter what the size, is an opportunity for a cybercriminal to make money.”
Agencies face challenges in a constantly changing threat landscape
Agencies may also find that writing policies is difficult because the cyber insurance market is rapidly evolving, and criminals typically adapt faster than underwriting. Yet, the speed of crime does not discount the overwhelming need for protection from cyber invasion. Carriers will keep working to create innovative coverage options that balance risk with protection while agencies will continue to communicate the necessity of cyber crime insurance to their clients. This continued partnership will help the industry build cyber products that work for all stakeholders.
It is clear that commercial customers need to protect their valuable digital assets and systems. Cyber crime is here to stay, and the methods criminals use to steal data, invade systems, and take business processes hostage will only become better, faster, and more insidious. Small- and medium-sized businesses are prime targets for invasion, yet they are often underprepared to weather a cyberattack. Agencies who write cyber policies for their commercial customers are helping to protect the marketplace from digitized crime that will not relent.