A solution to control Rising Cyber Insurance Costs?
E51
I recently returned from an 8-day trip to India.Â
It was a business visit. I spent quality time with our delivery teams and leaders at our offices in Hyderabad. The weather in India is fantastic. Even more when you consider how bleak these last winter months feel in Chicago.Â
Apart from great food and company, the trip involved a lot of travel up north to visit family.Â
When making such short-duration international trips, the biggest issue is Jet Lag.Â
The struggle is real. The effects can stay on for a long time.Â
But, still a fruitful and energizing trip.
How has your week been going?
Book talk
I took full advantage of the 14+ hrs flights and finished two books during this time.Â
I read "make time", by a google engineer on prioritizing high-value work and making time for important things.
I found it to be a good book with some real-life tips. the writer shared their experience via the concept of Agile Sprints and time boxing.
The second book is something worth mentioning.
I finished "never eat alone" by Keith Ferraazi.
This is an incredible book. When I read it the first time, (i was 100 pages in) I decided to return the library book and buy this book for myself. There are so many brilliant ideas, it was impossible to keep reading without making notes. "never eat alone" is one of those transformational books I have read recently.
And another transformational book that I read last year was "Think Again" by adam grant.
I have gifted this book to about 10 people. A few copies of this traveled with me as gifts during my India trip.
What is the one book you have read recently, that had a similar effect on you?
Path to improved coverage of cyber insurance
Cyber insurance prices are starting to stabilize this month.Â
For context, cyber insurance has been becoming costlier since 2019. As more and more ransomware attacks took place, the prices at times jumped 2x. But they are stabilizing (on the peak, for now).
But, I couldn't figure - Why?
Because the prices went so high that lots of organizations couldn't afford it? Hence the prices are cooling off?
Or, Are companies starting to show better security practices, causing this change?
It is hard to say, but the prices are still steep.
Here is another interesting angle.
Insurance companies are not covering losses from nation-state-backed cyber-attacks. Some insurers are explicit about it, and some have a specific condition that alludes to the same. It is a complex topic with no reasoning except for a way for insurance companies to wash their hands off.Â
How do you attribute a nation-state-backed cyber attack?Â
Cyber insurance costs continue to rise for healthcare companies.
The industry has higher compliance needs and handles high data sensitivity.
Today cyber insurance companies ask for questionnaire-based details. The questionnaire asks for details and proof of evidence about- application security, network security, email security, internal controls like MFA, EDR, 24/7 SOC, Backup & Recovery, Phishing control, etc.
The healthy approach is to have cyber security mitigations with appropriate cyber insurance.Â
Rising inflation, the high cost of cyber insurance, a slowing economy, and fears of a recession mean security budgets may not be enough to have both options.
So what is the solution?
The insurance costs can not keep going up?
Insurance companies should not add crazy abstract exclusions to wash off their hands.
In the future, it may be best for insurance companies to set up a baseline of security posture and ask companies to meet that to qualify for cyber insurance. Consider a health insurance company that only sells insurance to younger adults only. A pool of companies who are putting in efforts to safeguard themselves against cyber threats.
It will bring some sanity to the market and one way to bring down the losses and insurance premiums. It could lead to widespread maturity in the security baseline overall and help companies feel better about appropriate coverage and thriving in the business environment.