Cyberattacks are costly and potentially devastating for businesses and organizations alike. Yet, despite the headlines that often remind us that cybercriminality is a growth industry, very few of them have actually purchased cyberinsurance coverage although it constitutes a key element in any risk management strategy pertaining to cyberthreats.
As time goes by, access to cyberinsurance is likely to become more difficult. To begin with, the field of cyberinsurance is still a relatively new market. As a result, it is constantly evolving. For example, the forms that used to take a few minutes to fill out in a request for cyberinsurance now require well over an hour and often includes several technical questions that necessitate the input of IT specialists, Given that any inaccurate declaration might cause the insurer to decline coverage, this is a risk no organization should expose itself to.
Second, the nature cyberinsurance itself is becoming more and more sophisticated. You cannot just buy "cyber-insurance"; you need to determine precisely what your needs are. Those may include coverage for ransomware, forensic investigations, lawsuits, data breach notification expenses, regulatory investigations, lawyers and consultants, remedial measures, third-party liability, etc. In light of the above, to insure proper coverage, a serious analysis of an organization's risks and exposure must be conducted beforehand.
Finally, the constant rise of cybercrime has induced, necessarily, a sharp increase in claims. As a result, to offset their costs, insurance companies tend to review their offers accordingly by adding exclusions, by reducing the scope or value of their coverage, or by increasing the insurance premiums. As the article annexed hereto suggests, those premiums are expected to double by 2023!
With the recent adoption of Bill 64 in the province of Quebec, it is to be expected that the trends described hereabove will continue and that the demand for cyberinsurance will increase as organizations become more aware of the risks they are exposed to and of the necessity for cyberinsurance coverage to minimize same.