On July 29, NetSPI Managing Director Norman Kromberg was featured in an article in VentureBeat called Cyber Insurance is On the Rise, and Organizational Security Postures Must Follow Suit. Read the preview below or view it online.
Despite best efforts to the contrary — ransomware, hacks and data breaches are more prevalent than ever.
Close to 75% of global cyber-risk decision makers report that their company experienced at least one cyberattack in the past year — and just 3% of respondents rated their company’s cyber hygiene as “excellent.” Furthermore, recent research puts the average ransom payout at $211,529.
Naturally, to protect themselves, more organizations are investing — often significantly — in cyber insurance, particularly as cybersecurity breaches, hacks and ransomware attacks are often not included in traditional policies.
Cyber insurance companies, in turn, are increasing premiums and becoming ever more selective about the companies they’re willing to insure.
Insurance at a premium
Cyber insurance is much like other insurance coverage. It is a means to manage risk and loss from certain events — in this case, cyberthreats.
Although it varies by insurer and amount carried, policies can cover costs associated with business email compromise, ransomware attacks, phishing attacks and other social engineering attacks, explained Jennifer Mulvihill, business development head for cyber insurance and legal at cyber defense platform company BlueVoyant. Policies can also provide both first-party and third-party coverage, she said.
All told, the cyber insurance market is expected to be $25 billion by 2026, according to an annual cyber report by The Howden Group. The National Association of Insurance Commissioners also reports that cyber insurance premiums collected by the largest U.S. insurance carriers in 2021 increased by 92% year-over-year.
This trend will only continue, predicted Norman Kromberg, managing director at cybersecurity company NetSPI. Today’s unpredictable threat market makes it challenging for insurers to accurately evaluate an organization’s IT management and security control maturity. He anticipates that it will be more and more difficult to receive payouts for claims, particularly if there is a breakdown in controls.
You can read the full article at VentureBeat!