If you’re using cyber liability insurance (and you should be), you may be in for a rude awakening when your policy renews this year. Cyber liability insurance rates are skyrocketing like crazy, jumping as much as 20 to 50 percent in one year.

The jump in rates is certain to make some organizations question whether it makes better business sense to drop their insurance policies. Short answer: it would be a grave mistake to do so.

It would also be reasonable to wonder if the insurance companies saw an opportunity to make a cash grab, as cyberattacks become more of a threat to organizations. While my skeptical side wouldn’t put it past some insurance companies to do that, in most cases that’s not what’s happening. This is a problem that some of the insurance customers created for others.

So what’s behind the sudden jump in cyber insurance rates, and what can you do about it?

The Backstory

More companies are adding cyber liability insurance, because the financial fallout of a data breach can shut down even some large businesses in a matter of weeks — the average cost of a cyberattack is $3.86 million. As businesses realize that cyberattacks are a matter of when, not if, the demand for insurance coverage is growing.

In the early days of cyber insurance, companies would simply sign up for the coverage and forget about it. They might not take their security responsibilities seriously, because the insurance was purchased with the intention of covering their financial losses.

Over the next several years, more and more companies followed suit — signing up for cyber liability insurance without having everything in place to actually qualify for the insurance. In some cases, these organizations mistakenly assumed they were following security best practices. In other cases, they simply didn’t take it seriously.

As cyberattacks increased, a large volume of these under-protected insurance clients got hit, costing the insurance carriers a huge amount of money. Insurance providers were paying out more than they were bringing in, and eventually they made the inevitable adjustment.

Cyber liability insurance rates were hiked up to keep the providers in business, and we’re all paying for it.

What Can You Do About Your Cyber Insurance Rates?

Every company that buys cyber liability insurance is seeing their rates jump. TCT has a far stronger security stance than many larger international organizations, yet even our cyber liability insurance rates jumped 35 percent from last year. There’s no avoiding it, but you may be able to minimize the rate increase for your company.

If your organization is truly taking security and compliance seriously, and you can prove it with documentation from a third-party assessment, go to your insurance provider and try to negotiate your rate down. Insurance companies are generally willing to reward their clients for protecting themselves — which is what safe driver and good student discounts are all about.

In our case, TCT reduced our rate by 3.5 percent. It’s still a big hit, but why pay more than you have to?

Even if you don’t go through a full-scale third-party audit, pick a security framework and work through it internally. Go line item by line item and have everything tracked, managed, and consolidated in a place where you can easily refer to it. If you can show your insurance carrier that you’re proactively managing your security and compliance obligations, you may be able to get a rate reduction.

Don’t Rely on Cyber Liability Insurance

Remember: your cyber insurance was never designed to be your primary form of protection for your company. It can’t prevent disasters or inherently protect your data. It can’t ensure that bad things won’t happen to you, and it won’t safeguard your company’s reputation. Insurance can only reimburse you for financial losses, after the fact.

A far stronger protection plan is to take your security and compliance seriously and follow a framework to proactively protect your company. The financial investment you put into that program provides direct shielding for your organization against malicious attacks. Your insurance policy won’t prevent anything, except bankruptcy. But a robust security program actually helps prevent a successful attack in the first place.

And the more organizations get it and do their due diligence, the greater our chances of seeing insurance rates start to level out again.

