“Everybody says it, so it must be true” is an example of the bandwagon logical fallacy. In the context of cyber insurance, the argument goes that everyone is a potential victim of an attack, thus everybody must have cyber insurance. In reality, not every organization can afford to buy cyber insurance, and there are organizations that don’t qualify for a policy even if they want one.
Having cyber insurance used to be as simple as purchasing a prepackaged cyber insurance policy, similar to the process of buying a home or car insurance policy. With the explosion of ransomware attacks, the industry has been in disorder as insurance carriers and brokers process claims for damages caused by ransomware. In response to soaring claims, carriers are reducing the amount of coverage offered per policy, charging higher prices for less coverage, imposing much tighter rules on who can qualify for coverage, and cancelling policies for companies that don’t meet the minimum requirements.
Policy coverages are significantly lower than they used to be, in some cases dropping from $10 million to $5 million and often lower, and many companies cannot get enough, says J. Andrew Moss, a partner at Reed Smith LLP’s Insurance Recover Group. “You have to fill in the gaps, and that’s very tough because capacity has just been low or companies are priced out from buying as much insurance as they would ideally like to buy,” he adds.
Coverage Required, But Out of Reach
For victims of a