Where cyber insurance should fall in your cybersecurity strategy

August 23, 2022

At a time when cyberattacks are becoming more frequent and more costly, it makes sense that companies are seeking ways to limit the potential financial impact of a cyberattack.
According to the most recent FBI IC3 Internet Crime Report, the total number of reported cybersecurity incidents and the resulting financial losses consistently and dramatically increased between 2017 and 2021. In 2017, there were over 301,000 complaints, which totaled $1.4 billion in losses – numbers that jumped to over 847,000 and almost $7 billion, respectively, four years later.
With these numbers, it should come as no surprise that companies are now investing more in cyber insurance than ever before. According to a 2021 report from the U.S. Government Accountability Office (GAO), the proportion of insurance clients that pay for cyber coverage spiked from 26 percent in 2016 to 47 percent in 2020.
While cyber insurance can help companies mitigate the cost of cyberattacks, issues such as rising premiums and stricter coverage limits have raised questions about the future of these insurance policies. 
Cyber insurance should be just one element of a comprehensive cybersecurity platform. Companies should focus on how to prevent attacks altogether with proven methods such as security awareness training (SAT), rather than purchasing an insurance plan and hoping they won’t have to use it.
Here is what leaders should know to minimize reliance on cyber insurance: 

    Cybersecurity starts with cyber awareness. When employees know what warning signs to look out for and how to report potential cyberattacks in progress, companies will be in a much stronger position to thwart those attacks.

    SAT programs are among the best ways to keep your company safe from cyberattacks. An effective SAT program is capable of helping employees retain critical information with engaging and relevant cybersecurity content, consistent reinforcement, and robust forms of assessment that allow companies to determine how much employees are actually learning. 

    Cybersecurity should always be proactive. It’s a mistake to wait until a massive financial and reputational blow has already been inflicted to improve your SAT platform. The effectiveness of an SAT program should be consistently evaluated through phishing tests and other means to make sure employees are really turning their training into learning.

Learn more about the risks and rewards of relying on cyber insurance in NINJIO CEO Shaun McAlmont’s full article on Insurance News Net.
