With the global costs of cybercrime expected to soar to $13-trillion within the next five years, cyber insurance is booming as organisations try to mitigate the risk of financial losses. Globally, the cyber insurance market is now worth around $17-billion and is expected to grow by over 26% a year to top $84,62-billion by 2030.

Spiking rates of cybercrime and ever-higher ransom demands have increased the risks of insurers having to make massive payouts, notes Tony Walt, co-founder and director of cyber security software house Port443.

“As a result, insurers have become more stringent about the minimum security-related requirements and cyber insurance premiums are increasing. In the US alone, premiums rose by over 120% between 2020 and 2022,” he says.

“Rising premiums simply add to the burden of organisations already grappling with economic headwinds and increasing risk,” Walt adds. “The good news is that many insurers now offer discounts on insurance premiums to customers who take steps to reduce their cyber risk and improve their security posture.”

Walt says local insurers reduce premiums for customers adopting these cybersecurity best practices:

* Keep security controls up to date – ‘Set-and-forget’ is not enough when it comes to staying ahead of cyber risk. Organisations should maintain visibility and control across their security environment and should use automation to ensure controls are regularly validated, patched and updated.

* Use encryption and Wi-Fi Protected Access (WPA) – Encryption and secured access reduce the risk of data exposure or loss and strengthen compliance with legislation such as POPIA. This, in turn, reduces your risk of having to pay a ransom, incurring penalties or being targeted in lawsuits, Walt says.

* Use multi-factor authentication – “Multi-factor authentication goes a long way in addressing the ongoing challenge of weak or vulnerable passwords, and ensures that only authorised users can access your network. This greatly reduces your exposure, so insurers feel comfortable reducing your premiums,” says Walt.

* Have secure backups – Secure, regular and trusted backups of critical data are crucial to build business resilience and support continuity. “To insurers, this means you are at lower risk of claiming for lost production or business hours in the event of a cyber attack given the ability to recover as a result of these backups,” says Walt.

* Have clear security policies and incident response processes, and implement training and awareness programmes – Humans are the weakest link in cyber defence, with human error accounting for the bulk of cyber breaches. Clear and up-to-date cyber security policies and incident response plans have to be drafted, implemented, tested and made readily available to all staff, and ongoing training and awareness programmes need to be implemented. This could significantly reduce your risk profile and the risk you present to cyber insurers.

Walt concludes: “Reducing your premiums is just one way to address the costs of cyber risk. The biggest costs associated with cybercrime are the losses suffered in ransoms, downtime, fines, legal costs and reputational damage. Applying cyber security best practice could help organisations avoid those costs altogether.”