Credits: Insurance Mag
It was at the core of some of the biggest news stories of 2017, with businesses worldwide being forced to hand over huge sums of money to unlock encrypted files and recover data.
The cyber insurance market has, in turn, enjoyed a huge boost, as the far-reaching impacts of cyber threats become better understood. A key element of cyber insurance is business interruption coverage, which will cover the enterprise for lost business during a cyberattack. This area of coverage is becoming “increasingly important,” according to Iram.
“In 2018, the largest growth area in the cyber insurance market will be mid-market adoption of standalone policies. Due to the recent proliferation of cyber threats, business interruption coverage is becoming increasingly important for mid-sized businesses to large enterprises,” he told Insurance Business.
A survey conducted in October 2017 by California-based cyber security company At-Bay, found that respondents were particularly concerned about their ability to stop a significant ransomware attack compared to other types of cyberattacks. This highlights business interruption as “a crucial coverage area for countering potential ransomware damages,” Iram noted.
Even simplistic cyberattacks can result in meaningful business interruption and monetary loss. For example, global shipping giant Maersk was severely affected by the NotPetya cyberattack in June 2017, when some malware caused denial of access to data, which disrupted various company operations.
“In 2018, I predict that a new generation of ransomware attacks will threaten corporate enterprises,” said Iram. “We expect sophisticated attackers to capitalize on this opportunity and launch targeted and meaningful business interruption ransom attacks on companies with meaningful digitized operations.
“We have yet to see meaningful APT ransom attacks, demanding millions of dollars in ransom, which we predict will emerge in the New Year. The existing cyber insurance coverage is not set up for this risk, as limits on business interruption coverage are very low.”
Cyber insurance holds the most value when supported by an effective risk management program – something that mid-market companies will increasingly look for alongside more business interruption coverage, according to Iram.
“Given the rapid changes in cyber threats, cyber insurance coverage based on a snapshot of the security standing of the company is not enough to counter meaningful changes in risk profile,” he said.
“Mid-market companies who cannot afford an army of IT security professionals, will increasingly look for a risk management program that goes beyond insurance and actively supports a company to stay safe.”