
Articles of Interest

How Cyber Insurance Completes Your Business Insurance Puzzle

By Lillo DiPasquale, Pension Management Liability Practice Leader, HUB International
April 12, 2021

The average cost of a data breach in Canada hit a record high in the last year: $6.75 million per incident.[1] Not only is that an increase over last year’s $6.35 million, but it’s even higher than the cost in the U.S.

While this is due, in large part, to work-from-home policies put in place because of COVID-19, rising costs have led to a shift in the insurance market overall. In fact, although many insurance companies saw an overall increase in risk, cyber insurance was one of the harder-hit coverage lines due to the frequency and severity of its losses. The onset of the pandemic created an optimal environment for the rise of cyber criminals, posing a challenge to insurers and impacting the market for cyber insurance in 2021 and beyond.

For the purveyors and protectors of Plan Data for a Pension Trusteed Board and/or Plan Administration Office, safeguarding data has become a significant concern given the high volume of sensitive data managed. Knowing the risks, how the insurance industry is managing them and what your organization can do to mitigate its exposure is more critical than ever.

The cyber insurance market is unique 

Cyber is still a relatively new line of coverage, so the underwriting process is still developing. Cyber insurers, unlike property and liability insurers, do not have the luxury of looking to historical data to anticipate where losses will likely hit. Furthermore, claims costs for cyber risks are rising at an alarming rate.  CFC Underwriting, a global cyber insurer, reported that claims costs were 5X higher in 2020 compared to 2019.[2] And a recent communique from the Office of the Superintendent of Financial Institutions (“OSFI”) indicated that the loss ratios amongst Canadian federally regulated financial institutions increased more than 400% in 2020 over 2019 levels.[3] 

The impact of large-scale ransomware events is significant

As cyber insurance policies are put in place in 2021 and beyond, the insurance community will be keeping in mind several recent large-scale ransomware events, including the SolarWinds breach incident from the end of 2020 and vulnerabilities that were identified in Microsoft Exchange versions in the spring of 2021. The SolarWinds hack saw threat actors breach the SolarWinds system and deploy malware in a software patch update that was sent to 18,000 clients. In the case of Microsoft, the identified vulnerabilities, when chained together, allowed threat actors to access the Microsoft Exchange server of a company, steal emails and plant malware for increased access to a company’s network. The extent of the damage is still unfolding, and underwriters are scrambling to determine the extent of their exposure. In addition to the above events, ransomware attacks against two global insurers in Q2 of 2021 saw one insurer pay out a $40M ransom demand.[4]

Unfortunately, large-scale events like these are becoming alarmingly frequent. Each major event is forcing insurers to re-think their risk appetite for certain classes of business and industry.

The cyber insurance market is changing

As a result, cyber insurers are responding. Currently, there is intense underwriting scrutiny. This means significant coverage restrictions and limitations on capacity as well as increases to premiums and deductibles. Finally, many insurers are insisting on a strong network security posture. 

Given the current state of the cyber security threat landscape, it is more important than ever to have a plan. Protect your organization with these five best practices:

1. BACK UP YOUR DATA REGULARLY.

If a ransomware event occurs, you’ll want to access your backup data quickly. As a rule, you should back up as often as you can. Each business is different; if your data changes significantly hour-to-hour, then back up in real time.

2. SCAN FOR VIRUSES REGULARLY.

Check your entire network infrastructure, including databases. This is especially critical for organizations with multiple IT managers or locations.

3. TRAIN YOUR EMPLOYEES.

Educate your employees to recognize and delete phishing and malware emails without opening them. This critical step can’t be the sole responsibility of the IT department; it requires a top-down, organization-wide culture of appreciation for this type of security.

4. MAINTAIN AN INCIDENT RESPONSE PLAN.

While you might be able to get your network back up and running after a ransomware attack, the hacker could get to it first. In that case, you’ll have to make a quick decision: Will you pay the ransom? Will you negotiate? Be prepared by proactively answering these questions in advance of a breach and take the following steps now:

  • Identify key stakeholders who will play a role in your response, including:
    1. Internal: Legal, HR and IT representatives, and a spokesperson
    2. External: Cyber insurance broker, privacy attorneys and a cryptocurrency broker (since hackers may request payment in bitcoins)
  • Plan to minimize the harm to your organization’s finances and reputation.
    1. Decide if you will offer credit monitoring services or establish a call center to field customer concerns.
  • Retain robust cyber insurance that offers real data breach resources in addition to policy coverage. Ask your broker about their resources to help you pay a bitcoin ransom, conduct a forensics investigation, and implement notification procedures.

5. BUY CYBER INSURANCE.

Most businesses have a general insurance policy that will cover risks such as damage to property and interruption to their business due to Named Perils or Crime. However, traditional insurance policies typically exclude or only provide limited coverage for cyber-related exposures. Cyber liability insurance coverage fills the gap left by these exclusions and provides access to resources and experts to help mitigate loss from a cybersecurity incident.

Given the changing landscape, it’s important to understand the state of the insurance market, implement key network security protections and purchase cyber insurance. An experienced insurance broker can help navigate and negotiate the challenging cyber insurance environment and help your organization prepare for new and evolving cyber threats.




Lillo DiPasquale, Pension Management Liability Practice Leader, HUB International

Lillo DiPasquale is the National Practice Leader of HUB International’s Pension Trust Liability Insurance Program for Canadian Pension Plan Trustees and Plan Administrators. 

A former Professional Liability Underwriter for a Canadian-based MGA, Lillo has led the HUB Pension Trust Liability Insurance Practice for over 20 years. He is a licensed Insurance Broker of 28 years and a technical Fiduciary Liability wordings expert who specializes in the management and placement of Professional Liability Insurance for Trusteed Boards and Pension Plan Administrators. Lillo also provides claims expertise and assists Plan clients by managing and advocating on their behalf.

Under Lillo’s leadership and guidance, HUB was one of the first insurance providers to introduce and speak to Plan Administrators and Trusteed Boards many years ago regarding a new, evolving, and ever-increasing risk related to Cyber Liability and Data Breaches for Plan Trustees and Administrators. As a strong proponent and advocate of insurance and risk management education, Lillo is proud to lead a team of insurance professionals equally as passionate as he is. 

HUB’s Pension Trust Liability Insurance Practice was first developed in 1980 to meet an exposure not being properly handled by the Insurance Industry at that time and has since grown to become the largest Fiduciary Liability Insurance Provider for Pension Plan Trustees and Administrators in Canada.
