A cyber security strategy is no longer a nice to have for businesses. Cyber attacks are on the rise, and the increasing use of cloud services and the rise of remote work means that company attack surfaces are more extensive than ever.
In line with this, research indicates that 25% of Canadian businesses suffered a cyber attack in 2021 – and the number is only expected to rise this year.
To combat the risk of a cyberattack, many businesses have invested in cyber insurance to help them recover from the financial damages associated with a data breach. However, this facet of the cyber security industry is currently undergoing great disruption.
The changes to cyber insurance – which we will explore in more detail below – mean that this form of cover is no longer a silver bullet, and SMBs need to reconsider their approach.
Let’s take a look at why below.
What is cyber insurance?
For those unfamiliar with the concept, cyber insurance is a form of insurance coverage that helps businesses to recover from losses associated with a cyberattack, such as a ransomware attack, phishing scam, or credentials compromise.
It’s worth noting that cyber insurance can’t actually protect you from an attack. It’s not a security solution, but a means of financial recovery.
Why is the cyber insurance market changing?
Over the last 18 months, ransomware attacks have crippled businesses across Canada and the rest of the globe. Ransomware is a form of cyberattack where a hacker locks access to your files until you pay a hefty ransom.
Ransomware attacks have become such a widespread problem that insurers are running at a loss. They’ve been paying the funds to help their clients recover from ransomware attacks and becoming unprofitable.
In line with this, the Superintendent of Financial Institutions in Canada stated that the loss ratio for cyber insurance was 100% in 2021.
It’s clear things need to change for insurers – or they’ll go out of their business. What we’re seeing now is the following changes to policies from insurers:
- Insurance premiums are becoming more expensive so that insurers can sustain long-term profitability.
- Insurance providers are editing their terms and conditions, meaning they won’t provide coverage for every form of attack. We’re seeing more and more insurers remove ransomware coverage from their policies.
- Insurance providers are putting more conditions in place for their clients, requiring clients to bolster their defenses so that they are less likely to suffer from a cyber attack.
In essence, cyber insurance is becoming harder to obtain and more expensive. For SMBs, this means that cyber insurance may now be out of budget.
How Managed IT Services can help you navigate this disruption
If you previously didn’t invest that much in security because you had cyber insurance, you need to change your strategy. Cyber insurance providers will no longer provide coverage to high-risk businesses (companies that don’t have a solid security strategy in place).
Moreover, given that the price of cyber insurance is rising, it no longer makes sense to prioritize insurance cover over essential security investments.
To that end, we think that the best way for SMBs to move forward is to invest in essential security measures that will reduce their likelihood of a successful cyber attack. Doing so will improve their resilience against security incidents while making insurance coverage less expensive – if that is a route they would like to go down.
Of course, we understand that most SMBs do not have the internal resources, time or experience to build, roll out and manage a thorough security strategy. This discipline is far from static. A solid security strategy takes constant refinement and development.
This is where a managed IT services provider can be of great help. A good managed IT services provider will act as your virtual security manager, helping you improve your defenses against potential attacks, educate your people on good security hygiene, and respond to security incidents before they lead to a data breach.
If you’re considering purchasing cyber insurance coverage or working with a managed IT services provider, the latter is definitely the way to go. Your provider will act as your security sage – and can even help you to find the best insurance policy when you’ve reached the right level of security maturity.
Not sure where to start with security? Have questions about cyber insurance?
We understand the various kinds of cyber threats and know how to protect your Ontario business against them. Our cyber security services will provide you the peace of mind you require focusing on day-to-day business activities and taking your business to the next level.
Contact us today to learn about our cyber security managed services! Call 519-672-0900 or reach out online.