At a time when cyberattacks are becoming more frequent and costly, it makes sense that companies are seeking ways to limit the potential financial impact of a cyberattack. According to the most recent FBI IC3 Internet Crime Report, the total number of reported cybersecurity incidents and the resulting financial losses consistently and dramatically increased between 2017 and 2021. In 2017, there were over 301,000 complaints which totaled $1.4 billion in losses – numbers that jumped to over 847,000 and almost $7 billion, respectively, four years later.
With these numbers it should come as no surprise that companies are now investing more in cyber insurance than ever before. According to a 2021 report from the U.S. Government Accountability Office (GAO), the proportion of insurance clients that pay for cyber coverage spiked from 26 percent in 2016 to 47 percent in 2020.
While cyber insurance can help companies mitigate the cost of cyberattacks, issues such as rising premiums and stricter coverage limits have raised questions about the future of these insurance policies.
Cyber insurance should be just one element of a comprehensive cybersecurity platform. Focus on how to prevent attacks altogether with proven methods such as cybersecurity awareness training (SAT) rather than just purchasing an insurance plan and hoping you won’t have to use it.
Here is what our colleagues at NINJIO say leaders should know to minimize reliance on cyber insurance alone:
- Cybersecurity starts with cyber awareness. When employees know what warning signs to look out for and how to report potential cyberattacks in progress, companies will be in a much stronger position to thwart those attacks.
- CSAT programs are among the best ways to keep your company safe from cyberattacks. An effective CSAT program is capable of helping employees retain critical information with engaging and relevant cybersecurity content, consistent reinforcement, and robust forms of assessment that allow companies to determine how much employees are actually learning.
- Cybersecurity should always be proactive. It’s a mistake to wait until a massive financial and reputational blow has already been inflicted to improve your CSAT platform. The effectiveness of an CSAT should be consistently evaluated through phishing tests and other means to make sure employees are really turning their training into learning.
Learn more about the risks and rewards of relying on cyber insurance in NINJIO CISO and COO Matt Lindley’s full article on Insurance News Net.