Dave Russell, VP of Enterprise Strategy, e Rick Vanover, Senior Director Product Strategy di Veeamtell the critical issues of modern data protection.
Data protection against ransomware and cyberattacks is becoming increasingly critical. According to Veeam’s latest Data Protection Trends Report 2023, in 2022, 82% of organizations in the region APAC suffered at least one attack and 23% four or more. Cyber risks are an inevitable reality and have made it necessary to urgently adopt new cybersecurity and data protection measures. It’s not enough for organizations to invest in prevention strategies and hope their business doesn’t falter and succumb to an attack. Instead, organizations need to be fully prepared for the inevitable: dealing with a data breach or security incident.
Cyber threat insurance is a form of cyber risk management that plays a crucial role in mitigating losses from cyber incidents and building cyber resilience. It complements an organization’s overall cyber resilience and should be integrated into its data protection strategy.
Advantages of buying cyber insurance
Cyber insurance may cover all or part of the costs associated with data breaches, ransomware and other incidents of cybersecurity. These costs may arise from investigations, recovery and remediation. An insurance policy not only helps businesses recover from a cyberattack, it also protects data long before a breach occurs, prompting the business to formulate a more comprehensive data protection plan. This is critical to ensuring a healthy recovery in the face of a cyberattack, as it mitigates much of the financial impact associated with data breaches and cyberattacks. According to IBM, the average cost of a data breach in six countries ASEAN reached an all-time high of $2.87 million in 2022.
Dave Russell, VP of Enterprise Strategy di Veeam
With increasingly sophisticated cyber threats, all businesses, regardless of size and industry, are at a high risk of having their computer systems attacked. It is therefore imperative that businesses of all sizes mitigate the direct financial impact of a cyber incident through a cyber insurance. The question that companies need to respond urgently it’s not whether they need cyber insurance, but how much and against what forms of cyber incidents.
More and more companies are recognizing the importance of cyber threat insurance, making cyber threat insurance one of the fastest growing lines of business in the insurance industry. Indeed, research has shown that the market is expected to reach $29.2 billion by 2027.
Cyber insurance by the PMI
In particular, small and medium-sized businesses (SMBs) are exposed to high cyber risk, as they often lack an adequate cyber security infrastructure or technology to deal with new threats. This puts them in a disadvantageous position, more vulnerable to new forms of exploitation.
Basic cyber insurance policies may be a more affordable option for PMI and contribute to the payment of sums of money in the event of a cyber attack. However, with the increase in the number and severity of ransomware attacks, an adequately sized cyber insurance policy is often out of reach for many SMBs. In addition, insurance companies are imposing more regulations on their policies, which means that companies need to invest in additional cybersecurity measures to be eligible for a claim. For example, some policies require companies to have asset management systems in place and documented vulnerability patching processes. These hidden costs have made it even harder for SMEs to fund cyber insurance.
Rick Vanover, Senior Director Product Strategy di Veeam
Purchasing cyber insurance does not fully compensate for your ransomware risks
Cyber insurance is only one part of the puzzle for strengthening cyber resilience. If a business suffers a breach, cyber insurance serves as a lifeline to support recovery efforts. However, it does not eliminate the risk of data loss and disruption to normal business processes. Depending on the insurance policy chosen, businesses may not be covered for all costs incurred during the attack.
Security hygiene best practices continue to form the foundation of a sound cybersecurity strategy. Even if companies purchase cyber insurance, they shouldn’t consider themselves immune to ransomware attacks. They must still implement cyber hygiene practices as part of a holistic data protection and recovery strategy. This will also allow them to demonstrate due diligence when filing a claim – a requirement of cyber insurance policies.
Although insurance companies can support companies in the event of a cyber attack, insurance cannot protect a business from everything. It is imperative that every organization has a comprehensive data protection infrastructure in place that provides full visibility and control over the data itself.