As a result of the rise in cybercrime over recent years, more and more organizations have turned to cyber insurance to limit their financial risk, in case they become the victims of a cyberattack. Unfortunately, cyber insurance won’t cover every type of event or every cost, and recent news indicates that insurers are becoming more risk-averse and stricter in their contracts.
Because so many cyberattacks are financially damaging, cyber insurance companies have had to pay out substantial claim monies, and they are tightening their requirements. According to a recent Forbes article, cyber insurance policies are increasingly likely to have clauses that exclude war and hostile acts. This narrowing of coverage is hardly surprising, given the conflict between Ukraine and Russia, which includes an uptick in cyberwarfare between the two countries. Furthermore, repercussions of the conflict may result in nation states or individuals targeting governments and private sector organizations of allied nations, with cyberattacks including data breaches or denial of service (DDoS) attacks.
When it comes to risk reduction and insurance against such activities, a DDoS solution can help take the pain out of having to read the small print.
What does this tightening of cyber insurance requirements mean for enterprises that are not directly involved in such conflicts, but are pulled in because of the global nature of the Internet? First, organizations must carefully consider the various clauses of their cyber insurance policies. In short, they must study the fine print of insurance contracts – and do so more closely than ever, as part of their due diligence – and weigh the possible risks of an attack. Second, policy holders must be aware that cyber insurance companies often require organizations to take reasonable steps to prevent the damaging impacts of cyberattacks. That may mean a policy holder having a limited window of time to update or patch software or implement solutions that reduce vulnerabilities in their IT environment.
Ransomware, malware, phishing, blackmail, and Distributed Denial of Service (DDoS) attacks are among the more common, disruptive, and costly types of attacks. It can be difficult to measure the costs of an actual attack, never mind anticipate the costs of a potential attack. Costs vary dramatically, depending on the type, extent, or duration of an attack, the organization’s business model, and the scope of the business disruption. The average cost of a DDoS attack, for example, is $218,000, not including any ransom demand costs. Beyond the obvious costs of a ransomware, or ransom DDoS (R-DDoS), attack – the ransom demand itself, typically requires payment in anonymized cryptocurrency, which may cost up to several hundred thousand dollars. Cybercriminals are increasingly combining ransomware with data theft or R-DDoS. Recovery from a cyberattack typically involves significant IT staff or consultant resources, and can require upgrading, or replacing, software and hardware. In addition, there could be litigation and other remediation costs, which can be a devastating blow to many organizations.
Cyber insurance is not a substitute for adequate cybersecurity, so just having cover in place should not give security or risk officers total peace of mind. Companies that protect themselves appropriately, such as having a real-time, always-on DDoS protection system in place, may be able to obtain more comprehensive, or less expensive, cyber insurance cover. For example, advanced protection technology provides increased peace of mind to cyber security and risk professionals, because it virtually eliminates the damaging impacts of a DDoS attack, whether small and sophisticated, or large in scale.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here. If you’d like to learn more, please contact us.