For those companies who ask why they should invest in reducing cyber risk when they have cyber breach insurance – here is why.
As a result of recent breaches, cyber insurance premiums for those companies whom insurance companies deem to be in high risk industries saw their premiums go up, on average, 32%.
In addition, insurers are raising deductibles and in some cases, limiting coverage.
Not surprisingly, retail and insurance have been the hardest hit, but I expect that insurance companies will realize the risk is higher than they expected in other industries as well.
Anthem said that their renewal rates, after the breach, were prohibitively expensive and difficult to get. They did eventually get the coverage they wanted, but only after they agreed to pay the first $25 million in breach costs.
American International says they are turning clients away and I know that other carriers are doing this as well.
Berkshire Hathaway started offering cyber insurance this month but says that they are going to be very selective in writing policies.
Insurance companies are finally telling clients that they need to tokenize credit card numbers or implement end to end encryption if they want to get their policies renewed.
And, the brokers are saying that the restrictions that insurers are writing into policies today will be the basis for litigation two or three years from now.
Which is why cleaning up your cyber risk act may soon be a requirement for getting carriers to write a cyber risk policy at all.
Soooo, you can be proactive and do what every carrier will be telling you have to do in a couple of years and do it now. OR, you can scramble when your policy is up for renewal – if you are able to get coverage at all because the solutions to the problems are expensive and take time to implement.
Information for this post came from Reuters.