4 Cyber Risk Management Features Middle Market Businesses and Their Brokers Should Look For
Conventional cyber insurance isn’t enough to solve the cyber risk challenges that most middle market businesses face.
Company boards and senior management of businesses with $100 million or more in annual revenue all have cyber exposure risk on their radars and are all aware that assets and reputations can be at risk if a cyber event leads to litigation.
However, awareness of the risk is not the problem facing midsize companies. The real challenge is how to put solutions in place that actually reduce cyber exposures prior to an incident.
Most midsize businesses buy property and casualty insurance, and most have in-house information technology departments that are responsible for the company’s cybersecurity posture.
But these organizations have been increasingly targeted by cybercriminals and other malicious cyber actors, and, without standalone cyber insurance, they can be especially vulnerable to the impact of these attacks.
The Costs of Cyber Attacks for Midsize Businesses
According to IBM Security’s Cost of a Data Breach Report, the average cost of a breach increased to $4.72 million for midsize organizations in 2020. Fifty-two percent of those breaches stemmed from malicious cyberattacks.
But breaches aren’t the only cyber event businesses have to worry about. Ransomware attacks, especially those that occur in conjunction with data breaches, have skyrocketed over the past several years.
Furthermore, supply chain attacks similar to the one that affected Kaseya (a multinational information technology software company) demonstrated that cybercriminals are leveraging their access to attempt to victimize thousands of businesses that rely on third-party software and network services.
As a result, midsize organizations face significant and growing expenses from cyber risk and potential exposures.
In the face of mounting cyber concerns, the question for risk professionals to ask is, “How can we effectively manage cyber risk to prevent a breach from becoming a loss?” The answer is in specialty solutions that combine cybersecurity solutions with insurance coverage.
Cyber Insurance Matures
Insurance products have a maturity curve. It takes years for insurers to fully grasp the scope of a risk and develop coverage features that address it. Directors and officers liability and environmental liability policies went through their own growth process. Cyber insurance is coming into its own: it has become a more mature product than it was 5-10 years ago.
More insurance solutions are available in the marketplace today to address various cyber risks, and midsize organizations should explore specialty cyber insurance to find an optimal solution for them.
In addition to the traditional coverage elements for response services (forensic investigation, legal advice, breach coaching, and incident-related expenses), there are some additional features middle market businesses and their brokers should look for:
1) Cyber risk assessment: Organizations that can recognize their risks before they turn into losses have a big advantage in reducing those potential liabilities.
2)Guidance towards improving cybersecurity: Solutions that identify areas in need of remediation and offer best practices on cybersecurity can go a long way in preventing costly losses and business disruption.
3) Incident simulation: Drills and tabletop exercises of risk scenarios are a valuable way to demonstrate an organization’s preparedness, as well as highlight where additional attention must be paid. Middle market businesses can benefit greatly by working with partners that can simulate cyberattacks and other incidents.
4) Continuous threat monitoring: With the rapid evolution of cybercrime and the growing connectivity of businesses in all industries, cyber defense must become a full-time commitment. Continuous threat monitoring allows an organization to gain visibility into the dynamic threat environment and enable action. &