Insurance companies are said to have massively increased their cyber premiums – particularly for retailers and health insurers – after a string of high-profile attacks over the past two years.
After notorious breaches at Target, Home Depot, Anthem, and Premera Blue Cross involved hundreds of millions of dollars in compensation, premiums are now said to have tripled for health insurers and increased 32% for retailers.
In some cases, cyber insurers are limiting the amount of coverage to $100 million, which could leave victims open to big losses from hacks. But even this will depend on intensive reviews of potential clients’ cybersecurity policies and procedures.
Reduce your premiums; implement best-practice information security
We expect that many companies will struggle to get insurance if they don’t implement best-practice information security.
The international standard ISO 27001 sets out the requirements of a best-practice information security management system (ISMS), a risk-based approach to data security that can be applied throughout the supply chain. Once your ISMS has been registered to the Standard, you can insist that third-party contractors and suppliers also achieve registration.
Registration provides evidence to all stakeholders and insurers that international best practice is being followed.