For the vast majority of organizations, falling victim to a social engineering scheme is no longer an “if,” but a “when.” Phishing, vishing and smishing attacks, including business email compromise (BEC) scams are occurring 15 times more frequently since 2020. In the same timeframe, the severity of these attacks has increased by 179%, with average losses nearly tripling to more than $326,000.1,2
Many organizations are unprepared to meet this rising challenge, whether due to ineffective risk controls, such as inadequate employee training, or from “off the shelf” cyber and crime insurance policies, which often have coverage gaps and can lead to uninsured losses in the event of an attack. Our November article details the steps organizations can take to prevent and mitigate social engineering losses.
Rate increases appear to be slowing, but that does not mean the hard market trend is over — at least not for all insureds. Insureds with average or below-average risk profiles will continue to see policy limitations and exclusions, as well as higher insurance rates and increased retention.
Organizations that clearly define and differentiate their risk, and present thoughtful risk mitigation strategies, are much more likely to experience a favorable renewal. Read more about the steps organizations can take to stand out in a hard market.
Failing to review third-party contract language for exposures to risk is an often-overlooked source of uninsured loss for many companies. For cyber incidents alone, 59% percent of companies have experienced contractual exposures caused by a vendor or third party.3 Seventy-five percent of third parties do not meet insurance requirements as established by the other company in the agreement.4
To reduce these exposures to contractual risk, organizations must continually review and improve contract language and the alignment of insurance policy terms. Read the article or watch this short video to learn more about how companies can reduce exposures to contractual risk and uninsured liability.
Cyber risk remains a perpetual threat to the profitability of most organizations, yet recent increases in ransomware attacks and other cyber incidents, exacerbated by the shift to remote work, have led to a hard market for cyber insurance, making it difficult and expensive for organizations to purchase coverage and offset risk.
With underwriters taking a more thorough and technical look at an organization’s cyber exposures and loss controls, insureds that take steps to improve cybersecurity and demonstrate a strong cyber risk mitigation strategy, are more likely to be offered optimal insurance coverage. As with most lines of coverage, insureds with poor to average loss control practices will continue to see policy exclusions and higher rates and retention, assuming cyber carriers are even willing to take on the risk. Read more about how companies can improve cybersecurity to ensure proper protection against cyber risk.