The rising cost of cyberattacks, including downtime, investigations, lawsuits, ransoms, and more are prompting cyber insurers to re-examine underwriting and encourage greater cyber resiliency in their customer bases. With the influx of cyber-insurance claims stemming from the CrowdStrike IT outage and the exorbitant price of recovering from data breaches — $4.88 million, on average, according to IBM — the cyber-insurance industry will continue to self-correct and evolve to fit market needs while maintaining profitability.

Insurers will come away from July’s widespread IT outage relatively unscathed, as the outages were caused by a vendor error, not a cyberattack, and because it was fixed fairly quickly. Still, insurer Parametrix estimates insured losses from US Fortune 500 companies will total $540 million to $1.08 billion, not even including Microsoft. Now, imagine this is a cyberattack that goes through a third-party software-as-a-service (SaaS) provider and takes down a similar swath of business, but recovery is slower, and companies must pay ransoms to recoup their data. How many billions of dollars will cyber insurers be out then?

Because cybersecurity is still a relatively new corner of the insurance market, ambiguity remains around what should be covered, the role cyber insurance plays in potentially encouraging ransom payments, etc. There’s no doubt that it’s still finding its footing, figuring out in real-time and on a world stage how to insure companies against rapidly changing and advancing cybersecurity threats.

Read the full story at the source below.

Source: darkreading.com