By John Gruber
Upgraded — Get a new MacBook every two years. From $36.06/month with AppleCare+ included.
When MGM Resorts suffered a $100 million hack in September, CEO Bill Hornbuckle wasn’t too worried about the lost revenue, because cyber insurance would cover the tab. “I can only imagine what next year’s bill will be,” he joked.
Weeks later, on a call with analysts, Hornbuckle complained about the “staggering” rise of insurance costs in the past few years.
This story neatly illustrates the crisis in cyber liability coverage. For years, companies have invested more in security insurance than in actual security. The result has been a tidal wave of data breaches that have driven up the cost of premiums to the point that they are rapidly becoming unaffordable.
Some large enterprises are responding to the increased costs by creating their own “captive carriers,” insurance providers that exist only to serve them. But that’s clearly not an option for small businesses, which are more likely to go without insurance altogether.
According to Andrew Bucci, VP of Sales at Amplified Insurance Partners, “It’s going to come to a point where some people may have to self-insure, which means that they don’t take a cyber policy out and they just cross their fingers they don’t have some sort of breach.” That’s a huge gamble for SMBs, since they could be driven to bankruptcy by a single security incident.
At Kolide, we’ve seen our cyber insurance premiums go up by 40% in just the last two years, and we got curious about:
What we found was that insurance companies themselves can help get us out of this crisis, by mandating some (pretty basic) security requirements for their customers–things like MFA, endpoint security, and retiring end-of-life software.
Read the full blog to learn more about our findings.
This RSS sponsorship ran on Tuesday, 14 May 2024.