The importance of cyber essentials and protecting your supply chain has never been more apparent, say experts
The dramatic rise in cyber insurance premiums could represent a correction towards “more sustainable” rates, according to Richard Hodson, director at UK Global Broking.
Hodson was speaking during a panel session entitled A General Market Update: What are the Latest Trends in the Cyber Space?, held last week (16 June 2022) at BrokerFest2022.
A Marsh report released earlier this month (7 June 2022) showed the average price of a cyber insurance policy had risen by 109% across Q4 2021.
According to GlobalData’s UK SME Insurance Survey also released this month (16 June 2022), 17.3% of SMEs did not have cyber cover because of rising prices, and 29% had cancelled their policies to cut costs.
Ken Munro, partner at Pen Test Partners, added: “The correction that we are seeing at the moment is not just a reflection of the prevalence of ransomware. It’s also because a number of underwriters did not really understand the systemic nature of some of the risks that they were insuring.
“Increasingly, they are learning and starting to see the interconnectedness of systems. So yes, we are starting to see connections as risks that are truly understood,” Munro said.
Supply chain risks
Munro added that as supply chains are stretched, opportunistic ransomware attacks could grow in frequency.
“The opportunity to make money, to poke certain parts of the supply chain at critical moments, gives the opportunity to make regular money,” he said.
Freddy Knight, innovation director at Optimum Specialty Risks, explained that most firms are 99.9% digitally dependent and should all protect their ability to trade via a cyber insurance policy.
The lack of a cohesive, market-wide policy document for cyber essentials and standards is a challenge, said Munro, as this means there is no general, accessible one-size-fits-all advice for businesses.
Consequently, Knight listed three simple steps that businesses could take to protect themselves in the current cyber threat landscape: disabling remote desktop protocols when not absolutely necessary, deploying multi-factor authentication (MFA) and keeping backups saved in separate locations.
He also recommended avoiding choosing the cheapest IT vendor for services.