Cyber threats are surging as employees work from home due to the COVID-19 pandemic, prompting cybersecurity insurers to reassess companies’ security measures—and potentially raise premiums.

Wesentliche Punkte:

  • Rising threats and an increase in remote working due to the coronavirus pandemic are making many organizations more vulnerable to attacks from cybercriminals.
  • With the risk equation shifting, cyber insurers are increasing their scrutiny of policyholders’ security arrangements. 
  • The increased scrutiny could result in higher insurance premiums or even coverage denials for companies.

A remote workforce on COVID-19 lockdown has made many organizations more exposed to cyberattacks. Cyber security insurers have realized that the risk equation has changed dramatically for their customers, and they’re closely scrutinizing companies’ security arrangements and existing insurance policies.[1] As a result, some enterprise risk managers may soon find themselves paying noticeably more for cyber insurance protection—and turning to their CISOs to find out why.

Fertile Ground for Cyberattacks

The COVID-19 pandemic increased the potential for cyber threats. Phishing attacks have continued to rise as malicious actors use COVID-related lures to exploit users’ fears and desire for information about the pandemic. At the same time, a remote workforce using less-secure home networks and personal devices can increase the company’s attack surface. That increases the likelihood that cybercriminals will prey on employees working from home, using phishing emails to hack their credentials and cause other major disruption. Also, VPNs, once a lifesaver for remote workers who needed to connect to a company’s private network, have become something of a cautionary tale because some products have security holes that leave an organization vulnerable to hacking.[2]

According to one legal expert, some cyber security insurance policies draw a line between company-owned computers and personal devices, and may not cover hardware owned by employees—which means the company could be exposed in the event of a breach. Some insurers may also require companies to have a formal written policy for the use of personal devices.[3]

How are Cyber Liability Insurers Responding?

Cyber liability insurers are reacting to the changing risk equation created by the pandemic. According to the Wall Street Journal, insurers are asking to see policyholders’ business continuity plans, and determining whether they’ve been revised to include working-from-home scenarios.[4] Insurers are also escalating their scrutiny of policyholders’ other security practices. In some cases, that means obtaining proof that companies are practicing good digital hygiene, such as ensuring that remote access is secured correctly, that operating systems are kept current with security patches, and that email servers are configured to shield against possible phishing attacks. Overall, insurers are becoming more proactive, alerting policyholders to new exposures and vulnerabilities in their network that might trigger a breach—before a cyber threat wreaks havoc and causes major financial losses.

Cyber Insurance Costs Could Escalate

The greater risk caused by the COVID-19 public health crisis and home working could drive insurers to increase prices, according to the Journal. That’s partly because cyber security insurers are worried that home networks and personal equipment could introduce cyber risks that might not have been a concern when policies were drawn up. Insurers might even deny coverage if companies fail to provide evidence that they are implementing security best practices such as multi-factor authentication, according to the Journal.[5]

Increased recognition of the impact of cyber security events has been driving more businesses to buy cyber security insurance in recent years—and demand continues to rise, according to Fitch Ratings, an American credit rating agency. However, even before the COVID-19 pandemic, cyber security insurers were raising prices as losses increased due to ransomware attacks and other breaches. Fitch noted that the direct loss ratio (the percentage of premium income that insurers pay out in claims) rose from 34% in 2018 to 47% in 2019—and insurers responded by increasing premiums by 2.9% in the fourth quarter.[6]

Cyber security insurers are attempting to improve risk-modeling techniques and trying to enhance their understanding of fast-moving cyber risks. For example, companies face greater scrutiny from their insurers due to the potential impact of far-reaching security and privacy laws at state, federal and international levels. Those laws, such as GDPR and California’s new privacy regulations, impose bigger fines and penalties for cyber-related events.[7] 

Was lässt sich daraus schließen?

COVID-19 has dramatically changed the risk landscape and working practices—and is causing cyber security insurance providers to closely examine companies’ security arrangements and existing insurance policies. Insurers are scrutinizing companies’ security arrangements for employees working at home, and some are proactively alerting policyholders to new vulnerabilities in their network. For some companies, this scrutiny could mean higher cyber liability insurance rates or even denial of coverage.  

 

[1]Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic,” Wall Street Journal

[2]Cyber Insurance Tested by COVID-19,” Leader’s Edge

[3]Will the Pandemic Complicate Cyber Insurance Claims?” Dark Reading

[4]Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic,” Wall Street Journal

[5]Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic,” Wall Street Journal

[6] US Cyber Insurance Market Will Be Tested by Coronavirus Fallout, Fitch Ratings

[7]Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic,” Wall Street Journal

Sie wollen noch mehr Artikel wie diesen? Abonnieren Sie unseren Blog.

Erhalten Sie alle aktuellen Nachrichten, Tipps und Artikel direkt in Ihren Posteingang

Das könnte Ihnen auch gefallen:

Cyber-Risiko, Cyber-Versicherung und die Kosten von Störungen

Here's the deal with cyber insurance.&nb…

Here's the deal with cyber insurance.  Companies evalu… Read More >

Michael Madon

by Michael Madon

SVP & GM for Security Awareness and Threat Intelligence Products

Posted Sep 27, 2019

Vernachlässigen Sie die E-Mail-Geschäftskontinuität im Rahmen Ihrer Cloud-Migration?

It’s easy to take email continuity…

It’s easy to take email continuity for granted, especi… Read More >

Sam Greengard

von Sam Greengard

Mitwirkender Verfasser

Posted Jun 02, 2020

Making Sure Your Third-Party Email Services use DMARC

Third-party email services help business…

Third-party email services help businesses conduct essential… Read More >

Megan Doyle

von Megan Doyle

Mitwirkender Verfasser

Posted May 20, 2020