Cyber Brief for CFOs: August 2024
All the news, tactics and scams for finance leaders to know about in August 2024.
The global cyber insurance market is expected to grow by 20% in 2024, driven by rising awareness of cyber risks, stricter regulations, and more industries seeking coverage. Not bad for a market labelled ‘uninsurable’ by Zurich’s chief executive.
Nearly two years on, what’s changed? This 2024 update takes a clear look at where the market is headed from both global and regional perspectives. While businesses have boosted their cybersecurity postures, the jump in cyber insurance uptake shows that strong defences alone aren’t enough. The truth is, cyber risks are growing more complex, and protecting your organisation now needs both solid cybersecurity measures and smart insurance coverage.
We’re breaking down three key trends in cyber insurance:
Read on to see how these trends affect your business and why you need both cybersecurity and cyber insurance to stay protected.
At the end of 2022, Zurich’s CEO warned that cyber risks were becoming ‘uninsurable’ due to their uncertain nature. Premiums shot up as insurers tried to clarify ‘silent cyber’ coverage gaps with tighter policy terms.
However, the picture is different in 2024. Cyber insurance prices are beginning to settle down. Howden’s Global Insurance Index shows prices down 15% after peaking in mid-2022, thanks to better security practices by businesses and more competition among insurers.
But don’t be fooled into thinking lower premiums mean less risk. Even with reduced costs, cyber insurance remains crucial for managing risks that stronger security alone can’t cover. Lance Rubin, Founder of Model Citizn, found this out the hard way when his business was hit by a cyber attack. “I was hoping [cyber insurance] wouldn’t just be another policy that sits there, but when that day came, I realised it’s actually valuable,” he told us on our On the Defence podcast. “Cyber insurance isn’t just about covering direct losses; it’s about managing the broader risks that can sink your business.”
During the premium hikes of 2023, insurers started demanding stronger security measures to reduce incident risks and offer better coverage.
This trend continues in 2024, with insurers setting clearer cybersecurity standards as conditions for coverage. A recent Sophos study shows insurers are increasingly requiring companies to adopt risk management frameworks and cybersecurity measures like multi-factor authentication and endpoint protection. Stricter underwriting processes and tailored policies are emerging, especially for industry-specific risks.
Rubin’s experience is a good example of why businesses need to stay on top of their security measures. “You think about the costs — not just the immediate ones, but the ripple effects to your brand, your clients, your staff. The forensic investigation was covered by insurance, but without it, the damage would’ve gone far beyond what we could manage ourselves,” he shared.
What does this mean for you? You need to keep investing in security. But even then, cyber insurance is still crucial as a backup plan. It’s your safety net against the attacks that slip through.
Fraudulent fund transfer (FFT) was a significant threat in 2022, overtaking ransomware as the most common type of claim and making up 36% of all cyber insurance claims in Q3.
According to Coalition, FFT continued to be a major concern in 2023, accounting for 28% of all claims, with the frequency of these claims up 15% year over year. FFT is often linked to Business Email Compromise (BEC) attacks, with 56% of all claims involving either BEC or FFT.
For Rubin, this lesson hit home hard: “I didn’t think I was going to be at risk, and that was the real big takeaway… it’s not just about you as a business; it’s about how you’re connected to the broader industry. Even a small business can be a target because of who they do business with,” he explained.
The takeaway is clear: focus on stronger payment fraud prevention, especially around email security protocols. But even the best prevention strategies aren’t foolproof. If an attack gets through, you still need insurance to cover recovery and losses.
Australia is dealing with a wave of cybercrime, from tax scams to data breaches, affecting businesses of all sizes. Recent incidents like the $2 million lost in tax scams and a $4.3 million healthcare data breach show the financial and reputational damage that’s possible, no matter how big or small you are.
The lesson? Even the best cybersecurity measures won’t always protect you against sophisticated attacks. For Australian businesses, cyber insurance is becoming essential—not just for compliance, but to shield against the financial fallout of breaches.
Some Australian businesses are finding that investing in robust cybersecurity helps them secure affordable cyber insurance. A report from Insurance Business Magazine found that companies using advanced security practices, like threat detection and incident response plans, have cut their premiums by up to 30%.
But don’t see these savings as an excuse to go without insurance. Instead, use the cost savings to get more comprehensive coverage. This dual strategy protects you upfront and provides a safety net for what you can’t predict.
The Australian insurance market is getting more complex, with insurers addressing “silent cyber” risks — where policy language doesn’t cover certain cyber events. Insurers are making moves to update policies with clearer terms, but gaps still exist.
To fully benefit from cyber insurance, audit your existing policies to identify any ambiguous coverage areas and consult with brokers or legal experts to ensure you’re adequately protected against all potential threats.