Most, if not all, businesses are aware of the increase in prices and costs associated with their everyday operations and how it is impacting their business in real time. One item businesses are prone to losing sight of, due to the annual nature of the renewal process, is insurance. According to WTW, a leading global advisory, broking, and solutions company, U.S. commercial insurance prices have increased 6.1% in the second quarter of 2023, slightly above the previous quarters increase of 5.6%. The increase reflects insurance prices on policies underwritten during the second quarter of 2023 to those prices for the same coverage in the same quarter of 2022 for a year-over-year comparison. As many businesses are going through or have recently completed their annual insurance renewal process, they have been made aware of the rise in the overall cost of insuring a business. Some of the items driving these increases are related to factors outside of the control of the average business, such as major carriers leaving marketplaces or an overall reduction in the capacity of insurance companies. However, one line of insurance most companies can decrease or prevent an increase in is the cost of is cyber liability insurance!
Cyber liability is one of the fastest-growing insurance policies for businesses. While the premium is generally low, businesses are starting to see an increase here, as well. This is due to an increasing amount of social engineering claims (cyberattacks performed using social engineering). Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. These claims typically occur when someone at the business unknowingly provides hackers or nefarious actors with sensitive information, which is then used to alter payment information, amend bank information, or any other form of payment manipulation to fraudulently pay themselves. Cyber liability policies that include social engineering are raising their premiums because of the increase in claims (due to increased attacks), and some estimate there could be as much as a 20% increase in this area. Some insurers will not even provide coverage for a business that has not proven it has sufficient cyber controls and procedures in place to protect a company’s sensitive information.
How can businesses try to avoid this potential insurance increase? A cybersecurity assessment! More and more insurance companies are requiring a cybersecurity assessment to obtain basic cyber liability insurance to begin with. An assessment will provide proof to insurance carriers that the appropriate level of IT related controls are in place to safeguard sensitive information and data. Although not guaranteed to decrease insurance rates, an assessment is a great way to prove to insurance carriers that your business is diligent about protecting sensitive information and that there are obstacles in place stopping potential social engineering or other forms of cyberattacks.
Although decreasing insurance premiums is attractive in and of itself, all businesses should perform these cybersecurity assessments on an annual basis, just based on the benefit of knowing their information does have the appropriate security and controls in place. The cost of a successful social engineering attack can be substantial for any business; outside of monetary costs, an attack can damage relationships with business partners, as well. When the benefit of decreasing insurance rates is added, making the decision to get a cybersecurity assessment is only made easier for a business!
McKonly & Asbury can assist your company with more information on what a cybersecurity risk assessment entails and readiness assessments to identify whether effective processes and controls are in place, as well as provide you with recommendations. For more information, be sure to visit our System and Organization Controls (SOC) service page and don’t hesitate to contact Dave Hammarberg, CPA, CFE, CISSP, GSEC, MCSE, CISA regarding our services.