The cost of insurance in a digital worldBy Lim Teck Wee
As more businesses grow their presence online, cyber insurance is slowly gaining traction.
One often turns wary and perhaps cynical when considering what type of insurance coverage to get. Questions like ‘I have never required it before’ and ‘Is it necessary?’ race through one’s mind when faced with the steep costs of premiums. Unless you have generously deep pockets, you might never be at ease no matter how prudent you are.
The same could be true for businesses surveying the rapidly increasing costs of cyber insurance. As more businesses grow their presence online, cyber insurance is slowly gaining traction as a protection against future catastrophes. Cyber insurance policies are designed to help organisations mitigate losses incurred in the event of a data breach or cyber-attack. Policies differ based on the severity of cyber risk faced by an enterprise, but across the board in Asia Pacific and globally, premiums are skyrocketing.
Rising Insurance Premiums in An Unpredictable World
Cyber risk has emerged as a threat with even greater real-world consequences, as we become increasingly digitised. Today, firms are looking to extend hybrid work to maintain flexibility for their workers. The key component facilitating this is sophisticated technology, but with greater IT complexity comes greater vulnerability to cyberattacks.
Singapore – like any other country - is no stranger to cyber security breaches and stolen data. The Cyber Security Agency of Singapore (CSA) observed a 154% increase in ransomware from 2019 to 2020 in the country. Various high-profile data breaches last year resulted in customers having their personal information stolen. At the recent Asia Tech X Singapore summit, Deputy Prime Minister Heng Swee Keat noted in his opening speech that globally, there was a “50% increase in cyberattacks on corporate networks last year, and a 20-fold increase in ransomware attacks against governments”.
Globally, cyber insurers have responded with rapidly rising premiums and stricter required security controls. Estimates have put premium rises at 50% and some premiums have doubled as insurers are faced with rising payouts.
Lowering Insurance Costs with The Right Cybersecurity Tools
Business interruptions, compensation to impacted customers, and regulatory fines are all consequences of a successful cyberattack. Having insurance against cyber security breaches is a proven lever for business risk mitigation. To lower the costs of premiums, high standards of cyber threat resilience must be met. This is done through the adoption of certain cybersecurity protocols.
Heightened risks produce new business models and subsequently, advanced security controls are becoming a prerequisite for insurance.
Most cyber insurance underwriters require industry standard protection such as multi-factor authentication (MFA) to confirm the identity of remote employees and privileged users such as system administrators or third-party IT support vendors. They also access whether the organisation has in place identity security controls such as privileged management access (PAM) and zero-trust policies. Zero Trust vets users thoroughly and does not offer access based solely on the physical or network location of users and devices while PAM effectively protects and audits access of privileged users for specific functions, providing them access for such functions only over a limited time.
In addition, insurance companies consider whether the organisation has established best cyber practices. These may include employee education programmes that raise cyber threat awareness. Other ways to illustrate best practices also include incident response plans to ensure policyholders have detailed ransomware playbooks and mitigation plans in place.
Raising awareness of the cybersecurity and threat landscape not only strengthens security posture, but also reduces premiums and ensures that cyber insurance protects, rather than costs the business. Whilst still a comparably young sector here, cyber insurance is gaining momentum and will no doubt come to be a key element of business models. If companies can identify their diverse levels of cyber risks, they can deploy solutions that shield themselves from the worst effects of attacks and determine the best coverage for respective assets to offset losses.