55% of Organizations Have Cyber Coverage

A new report, the BlackBerry Limited Cyber Insurance Coverage study, has hit the cyber cover situation head on revealing that: just 55% of organizations currently have cyber insurance, and of those, most policies have limits far lower than the cost of the average attack.

Key findings of the report issued by Blackberry include: 

· Only 55% of respondents currently have cyber insurance, while over half (56%) of the insured are only covered up to $600,000 – not even enough to cover the median ransomware demand of 2021.

· Businesses are concerned about how they would cover the costs of a cyberattack. Many say they would like government assistance in paying for ransomware attacks (44%), a figure which rises to an even 50 percent amongst businesses with under 1500 employees.

· The importance of cyber insurance in business deals is growing with 60% of respondents claiming they would be hesitant to enter a new agreement with any organization lacking cyber insurance

· Two-thirds of respondents said they would reconsider a partner or buyer relationship due to poor cybersecurity practices or a breach.

· The biggest challenges organizations face with cyber insurance are lack of transparency from insurance companies about what will be covered (49%) and costly premiums (57%), which will only get worse with 85% seeing some sort of increase in their cyber insurance premiums over the last 12 months.

  The BlackBerry Limited (NYSE: BB) (TSX: BB) Cyber Insurance Coverage study, shows businesses are increasingly concerned about how they will meet ransomware demands. Only 19 percent of those surveyed have ransomware coverage limits above $600,000, while over half (59 percent) hoped the government would cover damages when future attacks are linked to other nation-states.  Small-to-medium sized businesses (SMBs) – who have become a favorite criminal target – are especially feeling the heat. Of businesses with under 1,500 employees, only 14 percent have a coverage limit in excess of $600,000. A recent Forrester report estimated that a typical data breach would cost the average organization $2.4 million to investigate and recover. Perhaps unsurprisingly, 50 percent of SMB respondents hoped the government would increase financial aid in all ransomware incidents.

“Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage,” said Shishir Singh, Executive Vice President and CTO, Cybersecurity at BlackBerry. “For uninsured and underinsured organizations, this potentially puts them in extreme jeopardy. The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible. It’s vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk.”

Many businesses reported cybersecurity coverages that are poorly tailored to their current situation. Over one-third (37 percent) of respondents aren’t currently covered for any ransomware payment demands, while 43 percent aren’t covered for auxiliary costs such as court fees or employee downtime.

At the same time, cyberinsurance has become harder to get, due to increased software requirements placed by insurance brokers. Over one-third (34 percent) of respondents have been denied coverage due to not meeting specific Endpoint Detection and Response (EDR) software requirements. These increased requirements however may be having a real impact on reducing ransom payouts.

“Though it might sound counterintuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry,” said Vincent Weafer, CTO at Corvus. “In our portfolio alone, we’ve seen a 50 percent reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organizations to stand up to attackers.”