Hartford Business Journal

24 HARTFORDBUSINESS.COM | October 24, 2022 Focus: Cybersecurity IMAGE | PIXABAY/TUMISU Risk Assessment As cyberattacks increase, more companies consider cyber liability insurance; but coverage costs are rising By Linda Keslar Hartford Business Journal Contributor O ver the past few years busi- nesses large and small have found themselves targets of cyberattacks, which are growing in complexity and frequency. The second quarter of this year saw an all-time peak, with global cyber- attacks increasing 32% compared to the same period in 2021, according to Check Point Research. One of the latest local victims was Bradley International Airport, which recently saw its website go down after being hit by a distributed denial of service attack. Ongoing threats not only loom from foreign-led groups and geopolitical tensions, like the Russia-Ukraine war, but the pandemic has also made things worse, with the new reality of a remote workforce accessing business data through multiple unprotected devises, said Joseph G. Fortner Jr., a partner at law firm Halloran Sage in Hartford. "That's opening up everyone to more vulnerabilities," Fortner said. Four out of five data breaches involve a human element, according to the Verizon 2021 Data Breach Investigations report. For businesses, ransomware remains the most pervasive threat, at record levels in 2021, followed by social engineering attacks like phishing and other email compro- mises, according to the IBM Security X-Force Threat Intelligence Index 2022 report. While finance, insurance, health care, energy and education remain popular targets of cyber criminals, no industry or government sector is immune, with manufacturing, for example, ranking as the top attacked industry in 2021, according to the report. "Cybercriminals look for network access, and they take it wherever they find it, regardless of industry or the size of the company," said Tim Francis, vice president and enterprise cyber lead at property and casualty insurer Travelers Cos., which underwrites cyber liability insurance policies. Liability coverage The uptick in cyberattacks, which can result in significant costs and damages, is leading more businesses to explore cyber insurance. While not all policies are created equal, an array of cyber liability insur- ance products are currently offered by 279 U.S. insurance carriers, according to the National Association of Insurance Commissioners. Though policies can vary, the basic guarantee for business policyholders is the payout of a fixed amount to help restore services interrupted by a cyberattack and cover third parties, including people who have suffered damages as a result of having their data leaked. But cyber insurance coverage isn't ubiquitous. For example, three out of four of the 1,200 business decision makers who responded to Travelers' 2022 risk index survey, named cybersecurity insurance as critical, but just 59% said their company had such coverage. Multiple reasons were cited by those who haven't purchased a cyber insurance policy, according to Travelers' Francis. "Some pointed to cost, while others feel they already have adequate protections in place or aren't familiar enough with cyber coverage to be comfortable purchasing it," Francis said. Nearly 25% of survey participants also said they didn't think their company will suffer a cyberattack, while the same percentage said they had too many other things to worry about, he said. That might be a dangerous miscal- culation given a cyberattack can be devastating, resulting in financial losses, remediation expenses, down- time, reputational harm and other damages. The average ransomware payment was $925,162 during the first five months of 2022, approaching the unprecedented $1-million mark, and rising 71% from last year, according to Palo Alto Networks. The average cost of a data breach for U.S. businesses is $9.4 million, according to the IBM report, while nearly two out of three small firms go out of business within six months of a cyberattack, according Joseph G. Fortner Jr.

• Cover