The importance of cybersecurity


Cyberattacks have increased exponentially in the last couple of years across the world. According to the Sophos State of Ransomware Report 2022, 66 per cent of global organisations surveyed were hit with ransomware in 2021, up from 37 per cent in 2020. The average ransom paid by organisations that had data encrypted in their most significant ransomware attack was US$812,360, with 11 per cent of victims paying ransoms of US$1M or more. Overall, almost half (44 per cent) of the respondents whose organisation’s data had been encrypted used multiple methods to restore data.

The challenge of sophisticated cyberattacks like ransomware facing organisations continues to grow. Optimising cybersecurity has become imperative for all organisations. It is important that investments are made as part of a wider dynamic security strategy that is regularly reviewed and updated. A part of this strategy should also include cyber insurance.

Cyber insurance conditions are getting harder

Cyber insurance has, until now, been a ‘soft’ market, characterised by high capacity and low premiums. However, the market is starting to harden, as insurers see their payouts rising faster than the income from premiums: the industry’s loss ratio has risen.

Several factors are driving this hardening of the market:

Cyberattacks are constantly evolving, making it hard for insurers to assess the true risk of a client being attacked

The costs to recover from a cyberattack are increasing

The pandemic and growing use of the cloud have accelerated the interconnectedness of the business environment, increasing exposure

While most organisations already have some cyber insurance coverage, many are finding the bar for renewal is getting higher as capacity shrinks – and premiums are going up. It’s also getting harder for many organisations to get insurance in the first place as the underwriting process grows more and more rigorous and overall capacity drops.

How cybersecurity helps with cyber insurance

There is a direct relationship between cybersecurity and cyber insurance, and having strong cyber defences in place can help in a number of ways:

Makes it easier to get cyber insurance

In light of the challenges facing the cyber insurance market, providers are focusing increasingly on managing – and reducing – risk. Good cybersecurity can help organisations reduce cyber risk which, in turn, makes them a more attractive prospect for cyber insurance coverage.

Helps reduce premiums

Just as being a non-alcoholic and a non-smoker and having good medical reports reduce your health insurance premiums, having advanced IT defences helps reduce cyber insurance costs. While the insurers’ exact premium calculation algorithms are a closely guarded secret, customers consistently say that the quality of their protection impacts their premiums.

Reduces the likelihood of making a claim and higher premiums in the future

As with other forms of insurance, if you make a claim, you can expect a significant increase in your premiums in subsequent years. By minimising the risk of being impacted by a cyberattack, organisations reduce the likelihood of calling on their policy, which helps keep their premiums down.

Reduces the risks of non-payment

Poor IT security hygiene can prevent organisations from receiving financial support in the event of an incident. If the insurer believes that the organisation “left the door open” through weak practices, they may have grounds to not pay out.

Can minimise the impact and cost if an incident occurs

Responding quickly and appropriately to a cyberattack can significantly reduce the impact and cost of the incident. Having a malware incident response plan in place and being able to call on experienced incident responders will help to minimise the fall-out from the attack.

Cybersecurity and cyber insurance are both necessary, and they complement each other. Just as health insurance protects from the financial impact of a disease but not from the disease itself, cyber insurance protects from the impact of cybercrime though not from the crime itself.

Lastly, organisations must not fall into the trap of prioritising cyber insurance ahead of all security measures; in fact, insurers may not provide insurance if an organisation does not have adequate security measures in place. In addition, by investing in and prioritising security, it can become easier to get coverage, lower premiums, and remove barriers to payouts if you need to make a claim.

(The writer is the Managing Director – Sales for India and SAARC at Sophos)

By Sunil Sharma