Issue link: https://nebusinessmedia.uberflip.com/i/1482136
HARTFORDBUSINESS.COM | October 24, 2022 25 FOCUS: CYBERSECURITY THANK YOU TO OUR PARTNERS EYEWITNESS EYEWITNESS NEWS NEWS Bank of America ESPN Hartford Business Journal Hartford HealthCare Rehabilitation Network Imagine Float Nuun Hydration ProHealth Physicians Stanley Black & Decker Talcott Resolution Aetna AMR Bakery On Main Barton & Loguidice Bloom Bake Shop City of Hartford City Steam Brewery Restaurant Comcast Connecticut GI Flower Power Farms Gen Re Hartford Baking Company LesserEvil Marcus Communications Pepe's Pizza Riverfront Recapture Select Physical Therapy Town of East Hartford Town of South Windsor Town of West Hartford Travelers Highland Park Market Mitsubishi Power Aero LLC Nassau Financial Group Gottfried & Somberg Wealth Management LLC RunningCoachCT.com TriathlonCoachCT.com THANK YOU TO OUR PARTNERS HARTFORDMARATHON.COM to The National Cyber Security Alliance. The cost of cybercrime is predicted to reach $10.5 tril- lion by 2025, according to Cisco/ Cybersecurity Ventures 2022 Cybersecurity Almanac. Rising coverage costs As companies brace for the rising risks of attacks, cyber insurance is growing as a higher priority across many industries, experts said. "Cyber risk has become a board- level issue over the last few years," said Marc Lombardi, a partner at law firm Shipman & Goodwin in Hartford. He and other legal experts cite a growing roster of business clients looking to invest in ways to protect, mitigate and manage their cyber risk and cyber exposure, including via insurance coverage. "Companies first need to start by assessing their data, and knowing its value both internally and exter- nally and from there, proceed to devise strategies to protect it from all angles," Lombardi said. A 2021 report by the U.S. Govern- ment Accountability Office found more insurance clients are opting-in for cyber coverage — up from 26% in 2016 to 47% in 2020. The report also pointed out the cyber insurance market is in flux as cyber crimes become more common. The rising costs of threats and some insurers taking losses from hefty payouts over the last couple of years have not only driven up premiums but also led insurers to reduce coverage limits for some industry sectors, the report notes. Since 2020, premiums have increased anywhere from 30% to over 100%, said Timothy Zeilman, a vice president at specialty insurer Hartford Steam Boiler, which also underwrites cyber liability coverage. "There's been really traumatic increases in rates over the last two years or so, though it varies by industry and the size of the business," Zeilman said. That trend is putting a squeeze on midsize and small businesses, which tend to be popular targets of cyber criminals. That's led the Treasury Depart- ment's Federal Insurance Office and the Cybersecurity and Infrastructure Security Agency to agree to research and determine whether Congress should enact a federal cyber insur- ance program to make coverage more affordable for businesses. But cyber insurance is still worth getting, experts said. Insurance polices are becoming more diverse in covering a broad range of costs associated with cyber risks as the market matures, said Zeilman. Insurers writing policies for cyber risk are also requiring more information from policyholders, including requirements around secu- rity controls and a range of technical, physical, procedural and human controls, to minimize cyber risk. "Insurance companies are chal- lenging policyholders with basic requests for security measures," said Linn F. Freedman, a partner at law firm Robinson+Cole. It's the combination of coverage and risk mitigation, "not leaving your doors and windows open," that will yield the best results, Freedman said. "Businesses can't rely on insurance alone," she added. Sound cyber hygiene includes robust back up and secure network strategies, like multifactor authenti- cation at critical access points, fire walls, and scanning technologies, experts said. Cyber-risk management Another key focus, and a blind spot for many businesses, is the ongoing need to train employees in cyber best practices, particularly how to spot a suspected incident as threats continue to evolve, said Fortner of Halloran Sage. "Businesses think they have put things in place, like software updates and they're done, but hacking efforts and social engineering are getting better, more sophisticated and more people are getting attacked as a result," Fortner said. The good news is that insurers are playing a big role in nudging businesses toward better cyber-risk management just as new standards are evolving that they may need to comply with in the future, said Eric George, president of the Insurance Association of Connecticut. While cyber insurance has been around for two decades, it's a "neonatal" sector, he said. "It's still very early on and a growing area," George said. Eric George Linn F. Freedman Marc Lombardi