The proliferation of cyberattacks and cyber claims related to ransomware incidents has led to higher insurance premiums over the past few years.
According to a Check Point report from the third quarter of 2022, the number of attacks rose 28% year-over-year. Combine that with increased costs and you have a recipe for increased premiums.
The rise in high-impact cyber incidents has pushed the young cyber insurance industry back on its heels as market players reexamined how they assess cyber risk and price coverage. Although pricing has stabilized over the past quarter, businesses would do well to improve scrutiny of their third-party software and supply chains.
SMB Security Challenges
Isabelle Dumont, vice president of market engagement at Cowbell, a provider of AI-powered cyber insurance for SMBs, says the world woke up to the security challenges caused by third-party vendors in 2013 when the retailer Target suffered a major cyber incident tied to system access for its HVAC supplier.
“Many suppliers to large companies often are small businesses that lag behind in their deployment of cybersecurity controls. They can be an easy path for cyber criminals to launch attacks on larger organizations,” she says. “This additional risk needs to be considered when pricing cyber coverage and has an impact on cyber insurance premiums.”
She explains that having adequate cybersecurity deployed when interacting with third-party vendors drastically improves the risk profile of any organization. “It also makes it more insurable for cyber, which in return lowers premiums or opens more coverage options,” Dumont adds.
For larger businesses, this approach ranges, for example, from compliance with security best practices when deploying cloud providers to requiring multi-factor authentication (MFA) for maintenance services when they access the company’s connected equipment.
From her perspective, third-party scrutiny on cybersecurity yields positive outcomes for all, starting with the most important benefit, which is to lower the likelihood of facing a cyber incident.
Jerry Caponera, general manager of risk quantification at ThreatConnect, a threat intelligence company, argues the influence of third-party vendors on a company’s cyber insurance premiums varies based on the relationship.
“A company can take out insurance for third parties, but we don’t see a lot of those premiums tied directly to the number of third parties a company has under contract,” he says. “The effectiveness of third-party vendors’ security doesn’t play into the cost of a cyber insurance premium.”
Continue reading Jerry’s observations here: Information Week – Security & Risk Strategy