Jera, a specialist provider of IT support and cybersecurity services, has published a free, editable Cyber Risk Insurance Compliance Checklist to help UK businesses assess their eligibility for increasingly rigid cyber risk insurance products.
Following surges in the number and severity of cyber-attacks in recent years, particularly for healthcare and educational providers, the insurance sector has become far more conscious of cyber risks, making insurance coverage harder to qualify for and often significantly more expensive.
Trends and Changes Affecting the Cyber Risk Insurance Sector
Cyber risk insurance has evolved substantially over the last ten years. From being a standard inclusion in commercial insurance policies as a supplementary feature and a relatively inexpensive safeguard, it has multiplied in costs and become a specialist insurance product with an increasingly long list of eligibility requirements and exclusions.
Multiple factors have contributed to this reduction in accessibility:
- Far greater recognition of the severity of a potential cyber-attack or data breach, with high-profile attacks impacting even huge global multinationals.
- Increase sophistication used by cyber criminals, making standardised firewalls and other safeguards ineffective.
- The greater use of cloud-based technology, with various implications around the possibility of human errors creating a vulnerability and more entry points for cyber criminals to infiltrate cloud-based systems.
- Higher claimable values, where changes in data protection legislation mean that insurance pay-outs in the event of a successful breach or cybersecurity event are greater.
Research conducted by Microsoft identifies that over 80% of all ransomware attacks occur due to mistakes in the configuration of cloud services, whereas Gartner, the US-based tech firm, reports that as many as 99% of cloud security failures may be the user's fault.
Insurers and underwriters incorporate all these metrics into their decision-making, such as whether to offer an insurance product, the premiums they charge, and the exclusions and conditions associated with a commercial cyber risk insurance policy.
What Do Higher Cyber Risk Insurance Costs Mean for UK Businesses?
For some organisations, the challenge is in understanding how to update and upgrade their security protections – and ensuring that investments made in cybersecurity are sufficient to qualify for the level of insurance coverage they require. Others may believe that overhauling their security policies may negate the need for insurance altogether, although Jera advises this may be a false efficiency.
The direct outcomes of the changing attitudes within the insurance space have varied ramifications, including:
- A lack of suitable, affordable insurance for smaller businesses.
- Reduced access to insurance pay-outs in the event of a breach.
- Increased exposure to business-critical cyber events without appropriate insurance coverage to allow for business continuity.
- Financial pressures where organisations are unsure whether it is worth upgrading their security to qualify for insurance or forgo insurance altogether.
Jera says that the better solution is to gain an understanding of the specific protocols, policies and monitoring solutions businesses can use to demonstrate full compliance with even the most rigid policy conditions – providing a more secure trading environment while having the benefit of robust insurance coverage.
Improving Access to High-Quality Cyber Risk Insurance Coverage
Jera Director, Ally Hollinks-Kirk says, ‘We work with a diverse array of clients, from public sector organisations to private businesses and large enterprises – and issues with cyber risk insurance have been a common thread across our client base.
Many have come to us for advice having been refused cyber risk insurance or have been quoted extremely high premium values which would be unaffordable or include such a long list of exclusions that the coverage provided simply wouldn't offer any tangible benefit in the event of a cyber-attack or data loss.
Our new Cyber Risk Insurance Checklist is user-friendly. It sets out all of the common terms and conditions insurers impose, split into basic, intermediate and advanced-level cyber risk insurance products. This simple document means clients, and indeed any business, can audit their compliance with cyber insurance requirements, log all the protections they have in place, and identify where changes may be necessary to extract real-world protection from cyber risk insurance.
We remain on hand to offer professional assistance, whether you need technical advice about how to comply with requirements imposed by your insurer, want help assessing your eligibility for robust cyber risk insurance products, or wish to upgrade your in-house cyber protection using any of our service packages.’
Read more about Jera - IT Security Company, Jera IT, Develops Free Security Audit Following Huge Data Breach Industry Trend
About Jera
Jera provides fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Edinburgh, Aberdeen, Glasgow and the surrounding areas.
***
Source Company: https://jerait.co.uk
Publicist: Woya Digital
Published by: Steve OBrien