Cyber insurance

Cybersecurity companies underinsured?

Data breaches are a major concern to businesses and governments around the world. So one would think that carrying cyber insurance would be a given. It is not, especially for one particular classification of industry: Cybersecurity.

According to Munich Re, a risk analysis firm, 87% of companies lack coverage. Ransomware payouts doubled to $1.1B in 2023, according to Chainalysis. That’s probably why the cyber insurance industry is booming. The market hit $14B in 2023 and is set to double to $29B by 2027.

Large firms are more likely to carry insurance than small to medium companies (SMCs), even though they are more likely to be targeted by cybercriminals. However, small companies are more likely to carry much larger limits than larger companies.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here
Read more...

An encryption primer: Don’t wait

Encryption became a hot topic in the news in the past month. The United Kingdom, Sweden, France and the EU are considering requiring “back doors” to encryption protections. The “Signalgate” scandal in Washington, DC started most people asking, “What is this encryption stuff?” So we decided to provide a primer on the state of encryption today.

While the technology behind encryption is complex, it is not new. The basic algorithms have been with us for decades, silently running on devices and servers, invisible to the user. The purpose is basic: to keep data safe from prying eyes, like criminals and nation states.

Encryption is also a good way of saving money and not just in avoiding ransoms. Insurance companies often offer up to 15% premium discounts to businesses demonstrating strong security practices, including proper data encryption. Encryption significantly reduces the risk of data breaches and their associated costs.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

Do corporations really care about your security?

“Your security is important to us,” is a common phrase on corporate websites and emails, usually after some data breach that affects customers. To prove that statement, corporations invest billions of dollars in the cybersecurity industry. Most market projections say the industry is worth about $180 billion. About 15 percent of that market goes to data security. But all the indications are that we are losing the war in personal identity security That leaves is with the question: Do corporations really care about customer security?

Probably not

US Department of Health and Human Services reported recently that. in the US, there have been 2,213 breaches since 2020, with 152.1M affected individuals. That is almost half of the American population. But that is just breaches involving medical data.

The FBI reports, in the same period, more than 350 million stolen personal information records, exceeding the known population of the country. Worldwide, the number of personal identity information (PII) records exceeds one billion people.

So how bad is it? “I always tell people assume your social security number has been breached. Just assume that,” said John Meyer, senior director for Cornerstone Advisors, an organization providing security consultation to financial organizations.

So we are spending tens of billions of dollars to protect data from exfiltratation on almost a weekly basis from attacks bypassing current defenses. Is it worth the investment? Does protecting that data even matter?

Well, yes… sort of

Data security professionals say it is and it does. Communications, industry intellectual property, state secrets, and control of crucial systems must still be protected. Most professionals we talked to cite ransomware attacks as the primary reason for investing in security precuts and services.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

How Do You Insure an Unpredictable Risk?

From our Cyber Insurance Issue: In today’s interconnected digital world, there is no such thing as an “unconnected” business.   That means for most that the extent of their online exposure will include running a calculated risk of becoming the victim of a cyber-attack because that event risk can never be zero. Or does i

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...