Many North American companies lack cyber insurance coverage: survey

Many North American organizations still lack cyber insurance, a new study warns, and those that do have it may not have sufficient coverage.

Only 55 percent of 450 Canadian and U.S. respondents to a survey paid for by BlackBerry and Boston-based Corvus Insurance said they currently have cyber insurance. Another 28 percent intend to acquire coverage soon.

However, of those with insurance, more than a third (37%) said their organization was not covered for ransomware payments. Forty-three percent said their businesses are not covered for ancillary costs such as legal costs and downtime.

Even those who have coverage may be insured at too low a limit. More than half (56%) of policyholders are only covered up to US$600,000. That’s not even enough to cover the median ransomware demand of 2021, according to the survey’s authors.

“Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate on threats and wait patiently to extract maximum damage,” said Shishir Singh, executive vice president and chief technical officer of cybersecurity at BlackBerry.

“For uninsured and underinsured organizations, this potentially puts them at extreme risk. The cyber underground is increasingly sharing knowledge and teaming up to make threats as effective as possible. It’s critical that organizations strengthen their security against these threats by complementing insurance with a prevention-focused software approach that reduces their overall risk.”

The survey interviewed 450 managers who make business decisions for IT or security solutions in their organizations.

Interestingly, 60% of respondents said they would be hesitant to enter into a new business agreement with an organization that lacks cyber insurance.

Cost is a major factor in cyber insurance decisions, according to the survey. Fifty-seven percent of respondents said the current cost of premiums is a challenge, followed by the lack of transparency from insurance companies about what will be covered (49%).

One of the main reasons for companies’ underinsurance was a lack of compliance with insurers’ cybersecurity software requirements. A third of respondents said their organization had previously been denied insurance coverage because it did not meet specific requirements to have endpoint detection and response (EDR) technology.

Other experts have noted that insurers may also require customers to have multi-factor authentication for logins and data backup offsite or in the cloud.

“While it may seem counterintuitive, continuing to meet software requirements is one of the best ways to fight the ransomware industry,” said Vincent Weafer, chief technology officer at Corvus Insurance. “In our wallet alone, we have seen a 50% reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical part of better positioning organizations to resist attackers.”

To learn more about the survey, check out this BlackBerry blog.
