Cyber security insurance is rapidly becoming a must-have risk correction for companies of all sizes. A third of US companies already have cyber security insurance and the market is expected to grow to $ 14 billion in 2022.
Insurance companies make bank. In 2017, cyber security insurance companies paid only 32{e53874e4bbd58509048fd82fc905992bcdbedb43a73f551bb715cf467ce5a7fb} of premiums, which was less than they paid in the previous year (48{e53874e4bbd58509048fd82fc905992bcdbedb43a73f551bb715cf467ce5a7fb}). The costs for most companies are relatively low, usually only 1{e53874e4bbd58509048fd82fc905992bcdbedb43a73f551bb715cf467ce5a7fb} to 3{e53874e4bbd58509048fd82fc905992bcdbedb43a73f551bb715cf467ce5a7fb} of what companies pay for other insurance coverage. Business leaders tell me that their costs for cyber security insurance range from $ 5,000 to $ 25,000 for multi-million dollar coverage. It is a small cost to pay for a large coverage. Or is it?
What is a reduction clause for social engineering?
I now hear about large cyber security insurance policies with reduction clauses for & # 39; social engineering & # 39 ;. If your organization experiences a cyber security incident and it is a social engineering attack technique, the expected payout will be significantly lowered than what was promised in the full policy. For example, a city government told me they had a $ 50 million cyber security insurance policy, but if a claim involved social engineering, it would only pay a maximum of $ 200,000. (I assume that the deductible also applies to that figure.)
If your cyber security policy contains such a & # 39; n clause, this is huge!