Cyberattacks have grown in complexity and cost over the last decade. Verizon’s Data Breach Investigations Report found a 13% rise in ransomware attacks this year alone. Paired with high-profile cases such as the Uber data breach and the detrimental Colonial Pipeline attack in 2021, cyber attacks can no longer be thought of as an inconvenience. Instead, cyber attacks should be considered a catalyst for catastrophic financial loss.
Companies are quickly turning to cyber insurance to alleviate these potential losses. Small and medium-sized businesses were the primary victims of cyber incidents and represent 89% of all cyber loss events that exceeded 10% of revenue, according to Cyentia.
The downside? Policyholders are quickly finding that traditional cyber insurance offerings are not equipped to match the complexity of today’s cyber threat landscape. Traditionally, cyber insurance policies are determined once a year – an annual evaluation that considers potential risk at that moment. When the policy is up for renewal, usually a year later, the threat landscape has considerably changed and the organization’s risk exposure has changed. Organizations have policies that are ultimately disconnected from the risks that must be covered, leaving them to cover significant losses independently. Said in fewer words? Underwritten policies are becoming irrelevant faster than we could ever imagine.
To meet the evolving complexity of cyber threats, cyber insurance providers are turning to more dynamic cyber insurance offerings to remain aligned with the policyholder’s exposures and overall risk profile. Rather than implementing an annual risk evaluation, adaptive cyber insurance policies evolve with the risk covered, continuously offering coverage in line with a business’s risk profile. The continuous, never static, risk assessment leaves little room for coverage gaps throughout a policy period.
Dynamic and continuous cyber insurance offerings have been found to encourage policyholders to implement more advanced cybersecurity measures. They are incentivized to implement baseline cybersecurity protections such as multifactor authentication, data backup and more. This allows policyholders to avoid higher premiums and potentially disastrous financial losses or reputational damages by providing a constant assessment of risk. In addition, policyholders are empowered to improve their organization’s cyber risk profile and demonstrate cyber hygiene.
Benefits of adaptive and dynamic insurance programs
Through continuous risk assessment, policyholders can proactively and significantly reduce the likelihood of cyber risk incidents by predicting how at-risk they are of a cyber attack. In taking control and improving their risk profile, they can manage their coverages and premiums; and correctly size their coverage to avoid over and under coverage. Cyber insurance that is dynamic reduces both upfront costs and the costs associated with potential cyberattacks.
Continuous risk assessments benefit policyholders, brokers and all risk-bearing entities. Brokers can more easily predict renewables and distribute robust cyber coverage plans. Risk-bearing entities undergo alignment between risks covered and actual risk. This then accounts for systematic improvement of risk portfolios over time and ultimately preemptively controls losses.
In the wake of complex and increasingly common cyber attacks, companies have increasingly seen their cyber policies become obsolete. The future is now: Enterprises can alleviate significant losses through dynamic, never static insurance policies. Businesses are turning to adaptive cyber insurance policies that frequently evolve to remain aligned with the policyholder’s cyber exposures, avoiding coverage gaps throughout a policy period.
Caroline Thompson is the head of underwriting at Cowbell, provider of cyber insurance for small and medium-sized enterprises. She may be contacted at [email protected].