By Omer Bejerano
The landscape of cyber crises has evolved rapidly in recent years, with attacks growing in both frequency and sophistication. What was once primarily a technological threat now has broader, far-reaching business consequences. According to an Allianz report, in 2024, cyber risks became the leading threat across all company sizes. That’s a fair assumption, considering the average time to execute ransomware attacks dropped from 60 days in 2019 to just 4 days in 2024.
This naturally affects the cyber insurance industry. For example, in a recent opinion piece, Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, argued that insurers should be strictly prohibited from reimbursing ransomware payments.
Cyber Crisis vs. Cyber Incident
In contrast to a cyber incident, a cyber crisis represents a significant escalation, involving substantial business repercussions. Crises not only affect operations but also trigger indirect damages such as loss of clients, decreased share value, and legal challenges, including class actions, corporate litigation, or regulatory fines.
Take, for example, two late-2023 ransomware attacks on casino and hotel companies MGM Resorts and Caesars Entertainment. Caesars opted to pay the $15 million ransom, got its systems restored immediately, and mitigated potentially much larger damages. MGM, on the other hand, refused to pay, had its IT systems offline for roughly 9 days and ended up losing $100 million, more than thrice the $30 million ransom it was asked for.
Overemphasis On Prevention
A critical issue in today’s cyber insurance market is the excessive focus on prevention tools and internal protocols. While these are vital, their insufficiency becomes apparent once a crisis unfolds. One example is the outdated, static, paper-based crisis management playbook; while theoretically useful, these playbooks often fail to provide the real-time guidance needed during a dynamic cyber-attack.
Moreover, in a recent global ransomware incident, a company proceeded to pay the ransom without verifying that its insurance policy included procedures for handling such events. It was later revealed that the client’s policy restricted its ability to make ransom payments without written approval from the insurer. Thus, the client was unable to claim reimbursement for the payment, resulting in significant financial damage. This underscores the shortcomings of old-fashioned paper-based playbooks, which are neither operational nor adaptable to the organization’s specific attributes and to real-time developments during a crisis.
The Imperative Insurance Paradigm Shift
Unlike traditional insurance models, where the insurer often becomes involved only ex-post, after the damage is dealt with, cyber insurance requires insurers to be involved ex-ante, from the onset of a crisis. Insurers today play a significant role in crisis management, often getting involved in even the smallest details. This involvement is crucial to ensure organizations follow policy rules, since otherwise they might be left with no indemnification.
To address these challenges, the insurance industry must shift its focus beyond event prevention, which is incident-focused, to crisis management through the adoption of technology. This shift can dramatically reduce damages caused by cyber crises by either containing them as incidents or managing them comprehensively as full-scale crises.
Accordingly, failing to provide policyholders with effective crisis management tools increases risks for both insurers and policyholders. A prime example is crisis simulations aligned with the insurance policy. By involving insurers in these simulations and leveraging technology, organizations can ensure that their coverage addresses the evolving threat landscape, and that they know how to activate it when required. Such an approach allows insurers to be as adaptable as the threats they are meant to mitigate, and to price their offerings accordingly.
Cytactic: A Comprehensive Solution
Cytactic is designed to fill this gap, providing organizations with a holistic cyber crisis management solution that ensures both preparedness and effective crisis handling, as the platform integrates preparation and real-time management into a single system.
During the preparation phase, Cytactic allows organizations to simulate real-world cyber crisis scenarios tailored to their specific operations, based on their own attributes. This enables teams to become familiar with potential threats and practice response strategies under realistic conditions. In an actual crisis, the platform provides real-time operational tools, such as dynamic data analysis, a messaging hub, communication and collaboration tools, automatic executive updates, and seamless integration with existing playbooks.
These tools help reduce the damages associated with cyber crises, making them essential not just for companies but also for insurers seeking to minimize claims and payouts.
Why Insurers Must Adopt Crisis Management Tools
Cyber insurance is at a crossroads. As a result, some forward-thinking actors in the insurance industry are beginning to offer comprehensive policies that leave no void untouched, addressing both the preventive and crisis management and preparedness needs of their clients, including during the underwriting process.
Offering clients solutions like Cytactic guarantees that insurers can reduce both the frequency of claims and the size of payouts. More importantly, they help companies recover faster, with less damage to their operations, finances, and reputation.
As cyber threats continue to grow in frequency as well as complexity, the need for comprehensive crisis management solutions is undeniable. Cytactic offers precisely such a tool!
___________
Omer Bejerano (Adv.) is Head of Customer Success & Services, Cytactic