Cyber attacks are continuously evolving, and companies that don’t stay educated about the space could be caught off guard, experts say.
“A lot of times, I think cyber has this type of mentality that it’s not going to happen to me,” said Luis Gazitua, principal at JAG Insurance Group, on this episode of the Insuring Cyber Podcast.
However, that’s a misconception that businesses need to avoid as cyber losses mount, he said.
“Cyber specifically is one of those things that could take down your business,” he said. “It’s one of what I consider the biggest unknown losses.”
This is particularly true for small businesses, despite misconceptions that they won’t be targeted without as large of a footprint as bigger firms.
“Small businesses are the ultimate low hanging fruit,” he said. “It’s more likely that a cyber attack would shut them down indefinitely.”
However, many firms – especially in the small or mid-sized space – may be worried that they can’t afford cyber insurance. Earlier in this episode, Odin Olson, vice president of business development at security operations provider Arctic Wolf Networks, spoke about why he believes this is a false notion.
“Can you afford, or did you plan?” he said. “Maybe it’s a slightly different way to look at that. Can we afford things that come up within two weeks as an organization that maybe hasn’t budgeted or planned for this kind of thing? That’s painful. Can you afford if you’ve thought ahead of time and, as I mentioned just a minute ago, looked for different carriers, different options, different coverage options and that kind of thing?”
He also raised another important question.
“And can you afford not to?” he said. “I think you probably can’t afford to have a $5 million ransomware event.”
One method to ensure businesses can not only afford coverage but also will qualify for it is to get started early, he said.
“I think if you let this conversation go until you’re 30 days out or two weeks out from having to buy a new policy for the year, you’re probably out of time to qualify if you haven’t explored other carriers or brokers,” he said. “That may be one of the biggest items, which is start thinking about this now.”
This will give insureds more time to make technology decisions that are becoming primary drivers for insurers in deciding whether or not to grant coverage, he added.
“You can’t implement technology in two weeks to have the capabilities you need to get a lot of the policies these days,” he said.
For agents and brokers, education about technology and cybersecurity is equally important, he said. Whether it’s multifactor authentication, backup tools, 24/7 monitoring or privileged account management, Olson said brokers should be familiar enough with those terms to give clients at least a two-sentence explanation.
“I think that’s something that the brokers can also be doing to bring more value to their clients,” he said. “To really understand the why and what’s happening with these trends and with these technologies so they’ll be better advisors to their clients.”
According to Gazitua, however, the biggest misconception around cyber insurance is still summarized by the sentence, “It’ll never happen to me.”
“It’s not just, ‘I spent $10,000 on the best IT infrastructure,’ or, ‘I pay every month for the best malware system to protect me from a potential issue,’” he said. “But the truth is most of it is human error.”
He added that with the ongoing remote working environment due to the COVID-19 pandemic, this is even more prevalent.
“There are a lot of systems set up where it’s just human error,” he said. “It could be your kids using your laptop, right? Because how do you balance the personal and business laptop? Those things are happening. I think another big misconception is it’s not just about the system you have in place, but the human error element is never going to go away. That is the most likely reason why you’re going to have a cyber claim.”
For those still questioning whether cyber insurance is affordable or makes sense for their business, Gazitua has a word of caution.
“This is going to be something where maybe you get caught off guard,” he said. “More and more, it is going to become the norm in the next three to five years.”
Check out the rest of the episode to hear what else Odin and Luis had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday on Insurance Journal TV and Apple Podcasts along with the Insuring Cyber newsletter. Thanks for listening.
Interested in Cyber?
Get automatic alerts for this topic.