A recent Marsh & McLennan report states that cyber insurance rates could rise as much as 50% in the next 3-4 years. They also report that since 2018 the number of cyber events has grown 150% and there have been more than $20 billion in ransomware claims. Ransomware frequency and severity is leading to an increase in demand for cyber insurance. As a result, the cyber insurance market is hardening, and underwriting guidelines are tightening.
The drastic increase in the number of cyber insurance claims and the severity of each claim – along with the rising demand for cyber insurance – is only part of the reason behind the tightening of cyber insurance underwriting guidelines. The other part of the change is the new and evolving consumer data privacy legislation that has come into effect. Passage of laws like the California Consumer Privacy Act (CCPA) and the effort underway to create a federal consumer data privacy law exacerbates the potential for additional financial losses for those suffering from a cybersecurity attack.
As a result, underwriters are becoming more cautious about the risk they are willing to insure. Underwriters now want to know about your specific cybersecurity practices, controls, and the technology, protocols and expertise that you have to mitigate the threat and impact of a cyber-attack. Underwriters will also want to know about your data back-up procedures, business continuity and incident response plans, your vendor management controls, employee cybersecurity awareness training, email security, and your use of multi-factor authentication (MFA). Add to all that, your ability to comply with the consumer data privacy laws that are applicable to your dealership.
Cyber insurance underwriters understand that no one has a perfect cybersecurity set-up. However, they do expect that you have an understanding of your vulnerabilities, and you have a clear plan – and timeline – for how you will address these vulnerabilities. It is increasingly important that dealers have an account of their cyber-defense vulnerabilities. To get this insight, dealers should have an expert perform a cybersecurity risk assessment. It is only with this knowledge that you can intelligently improve your cybersecurity posture.
Taking action to improve your cybersecurity posture will not only help you mitigate the risk of falling victim to a cyber-attack, but it will also help you in obtaining the necessary insurance you should have in place with the greatest level of protection and at the most favorable rate.