Last year alone, data breaches cost organisations USD 4M on average. 2021 was a record year for cyber-attacks, which increased by 50% per week. Network and internal system downtime has several consequences for companies, not only financial ones. Can you reduce the risk with cyber-insurance, which recently emerged on the Polish market?
To ensure operating continuity, every company needs to implement appropriate policies and procedures to prevent data theft, both from outside and from inside the organisation. Holding cyber-insurance is simply one component of the risk management strategy. In this case, the company transfers the costs it would have to incur due to a cyber-attack or security incident to the insurance company. These costs are most often related to the recovery of stolen data, ransom for cyber-criminals, property damage or potential administrative penalties for data loss. We also explain the factors that could contribute to the rising popularity of cyber-insurance and how companies can reduce their costs.
With the development of technologies such as 5G, the Internet of Things and Industry 4.0, the number of devices connected to the infrastructure increases exponentially. According to Zurich Insurance, the number of connected devices exceeded 50 billion, which is 19% growth compared with 2019. This number is expected to increase even more in the coming years.
The volume of data generated by all these devices is tremendous. It is estimated to double every two years. At a time when data is regarded as one of the most precious assets, its protection must be a priority for any organisation. Another factor contributing to the increased interest in cyber-insurance is the popularity of remote work. Using unsecured networks significantly widens the range of possible attacks and can be exploited by cyber-criminals.
High costs of data loss
The increased attack potential results in a higher number of security incidents. According to research, 2021 was a record year for cyber-attacks, with a global growth rate of as much as 50% per week. According to the IBM Data Breach Investigation report, the average data breach cost for an organisation was USD 4.24M last year and the total losses due to cyber-crime amounted to USD 6 billion.
An organisation that purchases cyber-insurance transfers the costs of a potential attack or data leak to the insurance company. This could lead to a dangerous disregard for certain risks and threats, which should have no place at all in a company. We recommend following the old saying “better safe than sorry”. Insurance is an additional protection that is worth considering, but first companies should follow security policies and use data loss prevention (DLP) software, anti-virus applications and protection at the boundary between the network and the Internet, for example UTM/NG Firewall solutions. It is also invaluable to have a utility for supervising admins and IT specialists, who usually have elevated rights, for example when working with data.
How to protect the company from internal threats?
Organisations will always be exposed to cyber-attacks and incidents, but having an appropriate system to ensure data integrity should be an essential component of the security policy of every company. This should be implemented before opting to purchase cyber-insurance. According to research by Verizon, 57% of data leaks are connected with internal threats and many of them are related to the improper use of rights.
Many organisations focus on external threats, like cyber-criminals or malware. However, within the company there are employees with access to all resources, as well as third parties that provide outsourced IT services, often without supervision. With privileged access, they can expose organisations to the loss of customer databases, financial information, intellectual property or server access. Monitoring the privileged access of employees and third parties can help companies to detect hazards. In the case of data theft, PAM systems will not merely notify the company, but also provide evidence of the crime. The more IT security solutions the organisation uses, the lower the risk of data loss. This will probably also translate to a lower cyber-insurance premium.