According to a Government Accountability Office (GAO) report issued last week, nearly half of all companies surveyed had some form of cyber-insurance coverage in 2020, up from 26% in 2016. This reflects the growing concerns organizations have about cyber threats, ransomware attacks in particular. While this news may seem like a boon for insurers, the frequency of ransomware attacks and the increasing cost of the ransoms demanded are forcing carriers to raise premiums and even limit coverage in certain sectors deemed high-risk—like education and health care—where organizations collect highly sensitive data but, in many cases, fail to defend their networks adequately from intruders. The GAO reports that a recent survey of insurance brokers indicates that more than half of the respondents saw premiums for cyber insurance increase between 10% and 30% in late 2020. Moreover, one global insurance company recently announced that it would stop writing cyber policies in France that reimburse customers for ransomware extortion payments, citing a concern that such reimbursements embolden hackers and may provide a disincentive for organizations to harden their network defenses.
With ransomware attacks on the rise and insurance companies beginning to limit coverage and increase costs, organizations can prepare for these types of attacks by doing the following:
- Updating breach response plans and disaster recovery plans
- Regularly updating software with new security patches
- Training and educating employees on phishing and spoofing attacks, which often provide access for attackers
- Implementing and maintaining strong cybersecurity protocols, such as requiring personnel to change passwords regularly and use secure networks
- Maintaining secure backups of key data