Insurance firms piled into a seemingly lucrative market by offering Cyber Insurance which would cover many aspects of a cyber breach – the cost of ransom, recovery, incident management and reputation repair, amongst others. However, the claims rates have been such that many providers are withdrawing from the market. Those left ensure that their potential clients are subject to rigorous questions about their cyber security readiness and their application of cyber awareness across their business.
Cyber insurance is no longer a thing you can just go and buy after searching for the best price – you will probably have to fill out a comprehensive questionnaire that will not only ask what equipment or software you might have deployed, such as firewalls and spam filters, but also if you have policies in place and a cyber awareness training programme that educates your employees to spot potential threats. The consequence of making a weak application for insurance will be either higher premiums or, most likely, the inability to get insurance at all.