Insurance & cyber-attack: a new inseparable duo?

In 1789, Benjamin Franklin said, “In this world nothing is certain except death and taxes.” In the 21st century, it is necessary to update it by taking into account the essential news of the century: cyberattacks. It is certain that when it comes to cyber threats, no sector, no industry or company is immune.

While in France the debate around cyber-insurance is still ongoing and demand continues to grow, cyber-attacks have become the daily life of all companies. They are practically unavoidable and the resulting costs can be particularly high. Can insurers offer flexible and affordable cyber insurance for businesses of all sizes?

The cyber threat landscape

In a recent report, researchers revealed that small and medium-sized businesses (SMBs) are currently experiencing 11-13 attacks per day per device. Meanwhile, the rise of connected devices, remote working and the digital transformation of enterprises are making the threat surface wider and more complex than ever. The most publicized cyber events of late have involved sophisticated ransomware attacks against critical infrastructure and technology companies. In recent months, many governments around the world have placed cybersecurity at the top of their public policy priorities.

However, in France nearly 98% of companies are VSEs-SMEs. These companies face a steady and relentless stream of attacks, the perpetrators of which use a range of less sophisticated, but no less effective tools, such as phishing, DDoS (denial of service), data theft and malware. Additionally, it is increasingly common to observe emerging cybercriminal trends and tactics such as RaaS (Ransomware-As-A-Service). Some pirates have even specialized in attacking these structures. This means that even the smallest structures have become attractive targets due to the ease and profitability of the hacking operation.

Risk vs cost of insurance

The impact of a cyberattack can be devastating. One day, everything seems to be going normally; the next day, the business can no longer process card payments, top-ups, or perform even the simplest automated tasks. Customers, partners and suppliers can all fall victim to the ensuing chaos.

Today, more and more industries are connected – both internally between employees and externally with supplier partners. An attack doesn’t necessarily need a poorly protected endpoint, all it needs is a smartphone app, a point-of-sale (POS) system, or a digital connection somewhere along the data chain. to find and exploit a loophole. The IoT-enabled warehouse, supply chain software or even the electric delivery van are also possible entry points that are often overlooked. Finding a new front door is a playground for cybercriminals, and lack of security comes at a price.

Most businesses, regardless of size and industry, are not properly prepared for a cyberattack, although the consequences and costs can be high. SMBs are typically the hardest hit with 60% closing within six months of a cyberattack. However, in France, 82% of the cyber-insurance market concerns large companies, 13% of ETIs, SMEs and VSEs sharing the remaining 5%[1]. This same report explains that the reason cited by these small companies for non-subscription would be the cost of insurance premiums that were too high. Indeed, when weighing the risk against the cost of hedging, almost a third of companies chose to take the risk.

It should be noted that the various statements made by public representatives against the payment of ransomware are pushing insurers to examine their coverage provisions. Separately, last year, AXA France – one of the territory’s largest general insurers – announced that it would no longer cover the cost of ransomware payments. Result: there is a lack of unity in the insurance market for cyber risks, which makes the subject complex and inaudible for companies facing a real risk.

Prevention is better than cure

Creating a more sustainable future for cyber insurance means balancing the perceived risk to businesses with the costs charged. Adopting a new prevention-focused approach to cybersecurity paves the way for this balance. In terms of cyber detection and response, they can no longer take an outdated approach based on the detection of known threats. Instead, a prevention-first approach stops threat actors at the gates of the network, using machine learning models based on artificial intelligence (AI). This also makes it possible to identify a threat before it is executed and even before it is known.

For companies with limited internal IT resources – especially SMEs which are particularly vulnerable – there are support assistances that can accompany them with specialized security resources via a monthly subscription. Coupled with the prevention-first approach, this increases a company’s ability to detect, monitor, react to and prevent security breaches, in order to optimize uptime and reduce the risk of exposure. to attacks.

Preventing breaches would pave the way for a moderating effect on rising cybersecurity insurance premiums more effectively and in the long term. The result would therefore be to be able to access a more affordable product for the greatest number of companies wishing to cover themselves against cyber-risks, and to make the market more attractive and sustainable for insurers.

We would love to give thanks to the writer of this short article for this outstanding content

Insurance & cyber-attack: a new inseparable duo?

Visit our social media profiles as well as other related pages