ความเปลี่ยนแปลงล่าสุดในตลาดประกันภัยความเสียหายจากอาชญากรรมไซเบอร์
คุณเคยคิดทำประกันภัยความเสียหายจากอาชญากรรมไซเบอร์บ้างไหม เราอยากให้คุณลองอ่านบทความนี้ เพื่อศึกษาความเป็นไปและเปลี่ยนแปลงในตลาดและความเสี่ยงที่ไม่มีใครอยากให้เกิดขึ้น Have you been thinking about getting cybersecurity insurance to reduce your liability? First, read our article about what’s changing in the market, or risk an unpleasant surprise.
Summary
ประกันภัยความเสียหายจากอาชญากรรมไซเบอร์ หรือ ประกันภัยทางไซเบอร์ ช่วยลดความเสี่ยงธุรกิจ ทั้งในส่วนบรรเทาค่าเสียหายและรับผิดชอบค่าใช้จ่ายที่เกิดขึ้นในกรณีถูกโจมตีทางไซเบอร์ ซึ่งอาจจะมีมูลค่าเฉลี่ยมากถึง 4.35 ล้านเหรียญสหรัฐ ความเสียหายเหล่านี้ไม่ว่าจะเป็นการถูกละเมินหรือโจรกรรมข้อมูลระบุตัวตน ข้อมูลของบริษัท หรือ ข้อมูลบัตรเครดิต ต่างมีความเสี่ยงที่ทุกคนไม่อยากให้เกิด ดังนั้นเราต้องรู้ประเด็นใดบ้าง -Demand is Going Up -Premiums are Increasing -Certain Coverages are Being Dropped -It’s Harder to Qualify #CybersecurityInsurance #CyberInsurance #Cybersecurity #ITSecurity Cybersecurity insurance covers costs associated with a data breach. No one is safe from cyberattacks. Even small businesses find they are targets. The average cost of a data breach is currently $4.35 million. The increase in threats and costs have led to changes in cyber insurance. Here are some of the cyber liability insurance trends you need to know: -Demand is Going Up-Premiums are Increasing-Certain Coverages are Being Dropped-It’s Harder to Qualify #CybersecurityInsurance #CyberInsurance #Cybersecurity #ITSecurity
Cybersecurity insurance is still a pretty new
concept for many SMBs. It was initially introduced in the
1990s to provide coverage for large enterprises. It
covered things like data processing errors and online media.
Since that time, the policies for this type of
liability coverage have changed. Today’s cyber insurance policies cover the
typical costs of a data breach. Including remediating a malware infection or
compromised account.
Here at In Motion Networks, we strongly suggest all
companies have cybersecurity insurance.
Cybersecurity insurance policies will cover the costs for things
like:
Recovering
compromised dataRepairing
computer systemsNotifying
customers about a data breachProviding
personal identity monitoringIT
forensics to investigate the breachLegal
expensesRansomware
paymentsNetwork
securityUse
of things like multi-factor authenticationBYOD
and device security policiesAdvanced
threat protectionAutomated
security processesBackup
and recovery strategyAdministrative
access to systemsAnti-phishing
tacticsEmployee
security trainingSo, it
pays to do a cybersecurity review before applying for cyber insurance. You can
save yourself time and money. It can also fortify your defenses against
cyberattacks
Data breach volume and costs continue to rise. 2021 set a record
for the most recorded data breaches on
record. And in the first quarter of 2022, breaches were up 14% over the prior
year.
No one is safe. Even small businesses find they are targets.
They often have more to lose than larger enterprises as well. About 60% of small businesses
close down within 6 months of a cyber incident.
The increase in online danger and rising costs of a breach have
led to changes in this type of insurance. The cybersecurity insurance industry
is ever evolving. Businesses need to keep up with these trends to ensure they
can stay protected.
Here are some of the cyber liability insurance trends you need
to know about.
Demand is Going Up
The average cost of a data breach is currently $4.35 million (global average).
In the U.S., it’s more than double that, at $9.44 million. As these costs
continue to balloon, so does the demand for cybersecurity insurance.
Companies of all types are realizing that cyber insurance is
critical. It’s as important as their business liability insurance. Without that
protection, they can easily go under in the case of a single data breach.
With demand increasing, look for more availability of
cybersecurity insurance. This also means more policy options, which is good for
those seeking coverage.
Premiums are Increasing
With the increase in cyberattacks has come an increase in
insurance payouts. Insurance companies are increasing premiums to keep up. In
2021, cyber insurance premiums rose by a staggering 74%.
The costs from lawsuits, ransomware payouts, and other
remediation have driven this increase. Insurance carriers aren’t willing to
lose money on cybersecurity policies. Thus, those policies are getting more
expensive. This is at the same time as they are more necessary.
Certain Coverages are Being
Dropped
Certain types of coverage are getting more difficult to find.
For example, some insurance carriers are dropping coverage for “nation-state”
attacks. These are attacks that come from a government.
Many governments have ties to known hacking groups. So, a
ransomware attack that hits consumers and businesses can very well be in this
category.
In 2021, 21% of nation-state
attacks targeted consumers, and 79% targeted enterprises. So, if you see that
an insurance policy excludes these types of attacks, be very wary.
Another type of attack payout that is being dropped from some policies
is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.
Insurance carriers are tired of unsecured clients relying on
them to pay the ransom. So, many are excluding ransomware payouts from
policies. This puts a bigger burden on organizations. They need to ensure their
backup and recovery strategy is well planned.
It’s Harder to Qualify
Just because you want cybersecurity insurance, doesn’t mean
you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers
aren’t willing to take chances. Especially on companies with poor cyber
hygiene.
Some of the factors that insurance carriers look at include:
You’ll often need to fill out a lengthy questionnaire when
applying for insurance. This includes several questions about your
cybersecurity situation. It’s a good idea to have your IT provider help you
with this.
This can seem like a lot of work that you have to do to qualify
for cyber insurance. As you review the questions, your IT partner can identify
security enhancements. Just like other forms of insurance, if you take steps to
reduce risk, it can often reduce your premiums.
Summary
ล่าสุด ทาง Digicert ได้คาดการณ์ เทรนด์ที่จะเกิดขึ้นในเเวดวง Cyber Security ในปี 2023 และโลกอนาคตไว้ดังนี้Prediction #1: Quantum Computing Will Force Crypto-AgilityPrediction #2: Matter Will Become a Household StandardPrediction #3: Code Signing Will Prompt A Race to the CloudPrediction #4: Software Supply Chain Attacks Will Make 2023 the Year of the SBOMPrediction #5: Physical SIMs Will be Replaced by eSIM and iSIM TechnologyPrediction #6: DNS will continue to grow in importancePrediction #7: Criminals Will Exploit Zero TrustPrediction #8: Ransomware threat will continue to rise in Asia
By DigiCert experts Dr. Avesta Hojjati, Dean Coclin, Mike Nelson, Srinivas Kumar, Stephen Davidson, Steve Job and Tim Hollebeek — DigiCert, Inc., a leading global provider of digital trust, released its annual forecast of cybersecurity trends emerging for the new year and beyond. These projections are based on shifts in technology, threat actor habits, culture and decades of combined experience. “Without a secure supply chain and proper security infrastructure, mission-critical data lies vulnerable. India has faced more than 18 million cyber attacks in just the first quarter of 2022. This must raise alarm for all of us especially as the country is pushing for increased digitization in the coming year,” said Sarabjeet Khurana, Country Manager, India & SAARC, DigiCert. “These predictions should allow individuals and businesses of all scales and sizes, to prepare for their upcoming technology needs. To ensure success in the era of digital trust, a planned approach to resiliency is of essence.”
“These predictions come on the heels of our 2022 State of Digital Trust Survey that found that almost half of consumers in APAC (42%) have stopped doing business with a company after losing trust in that company’s digital security,” said Hojjati, VP of Research and Development at DigiCert. “The more CISOs and other IT staff understand the security implications of evolving technologies and threats, the better prepared they are to make the right investments for their business to ensure digital trust.” Prediction #1: Quantum Computing Will Force Crypto-Agility — Cracking a 2048-bit encryption would take an unfathomable amount of time with current technology. But a capable quantum computer could conceivably do it in months. We predict an increased focus on the need to be crypto-agile as quantum computers pose a signifcant future threat for secure online interactions. Crytographic-agility will be a competitive advantage in the very near future. Prediction #2: Matter Will Become a Household Standard — Matter is a smart home standard and common language for smart home devices which are secure and trusted to communicate and connect seamlessly. With IoT driving growth in Industry 4.0 and the advent of 5G technology in the country, the India IoT market is projected to reach a value of USD 1,527 Million by 2027. DigiCert predicts the Matter logo will become the symbol that consumers look for in smart home technology. With increased connectivity with the Internet-of-Things (IoT), Matter will become key to achieving secure, reliable, and seamless use of smart home devices. Prediction #3: Code Signing Will Prompt A Race to the Cloud — OV code signing certificates are changing. They will soon be issued on physical security hardware in a similar way to how EV code signing certificates are issued. We predict that these changes will mean customers move to cloud signing in large numbers, instead of dealing with replacing their hardware token. We also expect all code signing will be cloud-based in the future, as customers will prefer cloud over having to keep track of a hardware key. Prediction #4: Software Supply Chain Attacks Will Make 2023 the Year of the SBOM — 66% of Indian businesses fell prey to supply chain attacks in 2022. As threats become increasingly sophisticated, we predict the SBOM will be widely adopted in 2023. An SBOM is a list of every software component that comprises an application and includes every library in the application’s code, as well as services, dependencies, compositions and extensions. While most of the requirements are taking place at the federal level now, expect the SBOM to spread to commercial markets soon to secure software. All of this means software producers will be required to get more involved in the process of ensuring their products are secure — and visibility will be key to that. Prediction #5: Physical SIMs Will be Replaced by eSIM and iSIM Technology — While eSIMs are available in India, iSIM technology will also revolutionise how we use our smartphones and similar devices. We predict the next generation of smartphones will remove traditional SIM hardware functionality and move to eSIM and iSIM as the root of trust. The introduction of the integrated SIM (iSIM), which does not require a separate processor, is smaller, and does not take up much room on hardware such as mobile phones. Prediction #6: DNS will continue to grow in importance — Infrastructure as code will continue its growth as being a best practice for organizations of all sizes. DNS services that have high uptime, fast speeds and fast DNS propagation will be crucial for organizations to have as a toolset. With over 55% of the population having access to broadband networks, well-defined APIs, SDKs and integrations will be highly vital to the success of Indian organizations’ efforts to be productive and reliable. Prediction #7: Criminals Will Exploit Zero Trust — Adversaries will deploy new technologies as well to increase their success rate in future attacks. Technologies such as Artificial Intelligence and Adversarial Machine Learning could potentially be deployed by a properly versed attacker to find weaknesses in an improperly deployed zero trust framework. There is a clear shift towards the adoption of Zero Trust in India, where close to 30% of organizations have implemented or are considering implementation of zero-trust strategies at the workplace . With growing concern of data security due to the new normal of hybrid-work mode, it has become a priority for organizations globally to have Zero Trust. As zero trust becomes the standard security approach for IT systems, we predict adversaries will change their attack approach to be able to overcome zero trust frameworks. Prediction #8: Ransomware threat will continue to rise in Asia – The threat of Ransomware continues to rise globally, with Asia-Pacific countries being the most vulnerable due to the region’s rapid digitalization and increasing connectivity as seen from its adoption of 5G network. 70% of Indian organisations have been hit by ransomware attacks in last three years. Recent high-profile attacks on Indian entities, especially that of All India Institute Of Medical Science (AIIMS) which left the premier medical hospital crippled due to lack of data highlight how hackers continue to exploit upcoming technologies As we predict for ransomware attacks to become more sophisticated, it is crucial to remain vigilant and well-equipped to counter them.
.png "Microsoft Visio")
.png "VMware")
