Did you hear about the Snowflake hack? Snowflake is a cloud data platform whose customer accounts were hit by a wave of credential-based intrusions earlier this spring. The attackers logged into individual clients' Snowflake accounts with stolen passwords rather than breaking Snowflake's own infrastructure, so Snowflake's clients ended up taking most of the shrapnel.
The figure circulating for Snowflake client Ticketmaster is 560 million stolen or copied customer records. The threat actors (TAs) who breached the Snowflake accounts may be responsible for another extortion attempt against Ticketmaster — the attackers claim to have swiped barcodes for thousands of Taylor Swift concert tickets (no encryption was involved, so this is extortion rather than ransomware). The TAs are demanding millions of dollars in ransom from the entertainment giant or they’ll release the customers’ info onto the dark web.
Advance Auto Parts, another Snowflake customer, confirmed that TAs stole customer data; the figure reported is 79 million records. TechCrunch reports Snowflake doesn’t “require (or enforce) its customers to use [a] security feature which protects against intrusions that rely on stolen or reused passwords.” That feature is multi-factor authentication (MFA): Snowflake supports it, but enrollment was optional and per user, so any account that had never enrolled could be opened with a password alone.
Bottom line: Snowflake’s clients may need to bear the financial costs of their data breaches alone if they didn’t adhere to the cloud company’s security recommendation. Companies covered by insurance against data loss and extortion threats are in a much better position than those that aren’t.
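The practical check a Snowflake customer would want after reading this is whether any of their own users are still logging in with a password and nothing else. The query below is an added example written for this page, not code from the article, from Snowflake, or from any of the companies named; it assumes the reader's role can read the SNOWFLAKE.ACCOUNT_USAGE share, that the column names match Snowflake's published definitions for the LOGIN_HISTORY and USERS views, and that the CIDR range in the network policy is a placeholder to be replaced with the organization's own egress addresses.

```sql
-- Added example (not from the article or from Snowflake). Run in a Snowflake
-- worksheet with a role that has IMPORTED PRIVILEGES on the SNOWFLAKE share
-- (ACCOUNTADMIN has it by default). Column names follow the documented
-- ACCOUNT_USAGE views; confirm them against DESCRIBE VIEW in your account.

-- 1. Successful logins in the last 30 days that used a password and no
--    second factor. Every row is an identity that a stolen or reused
--    password alone would have been enough to take over.
SELECT
    user_name,
    COUNT(*)                                 AS password_only_logins,
    COUNT(DISTINCT client_ip)                AS distinct_source_ips,
    ARRAY_AGG(DISTINCT reported_client_type) AS client_types,
    MIN(event_timestamp)                     AS first_seen,
    MAX(event_timestamp)                     AS last_seen
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
GROUP BY user_name
ORDER BY password_only_logins DESC;

-- 2. Users that still have a Snowflake-managed password but are not enrolled
--    in MFA (the ext_authn_duo flag records Duo enrollment). Service accounts
--    should appear here only if they have a key pair instead of a password.
SELECT
    name,
    has_password,
    has_rsa_public_key,
    ext_authn_duo           AS mfa_enrolled,
    last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND disabled = 'false'
  AND has_password = 'true'
  AND ext_authn_duo = 'false'
ORDER BY last_success_login DESC NULLS LAST;

-- 3. Containment options while users enroll. Both statements are real
--    Snowflake syntax; the IP range is a placeholder for your own egress.
--    Either disable a specific exposed account ...
ALTER USER example_password_only_user SET DISABLED = TRUE;

-- ... or stop password logins from arbitrary networks at the account edge.
CREATE NETWORK POLICY IF NOT EXISTS corp_egress_only
    ALLOWED_IP_LIST = ('203.0.113.0/24');   -- placeholder CIDR
ALTER ACCOUNT SET NETWORK_POLICY = corp_egress_only;
```

Query 1 is the one to run first: a user with many password-only logins from many distinct source IPs, or from client types nobody in the organization uses, is what the spring intrusions looked like from the victim's side. Query 2 finds the exposure before it is exploited. Step 3 is deliberately blunt; a network policy will also lock out legitimate remote users until their addresses are added, so test it on a user-level policy before applying it account-wide.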
Cybersecurity Budgets Jump by 60% in 2024
Rampant data security breaches are just one reason — though admittedly the most common one — that many companies are opening their purse strings to beef up cybersecurity. The 2024 Cybersecurity Threat and Risk Management Report, conducted by the Ponemon Institute and sponsored by Optiv, finds corporate spend is up nearly 60% this year.
“The threat landscape keeps breaking records as it becomes more volatile and complex,” the report finds. “[P]rofessionals and senior leadership are becoming more cognizant of the importance in strengthening their security posture … and allocating funds based on proven effectiveness in reducing security incidents.”
Ponemon surveyed 650 information technology and cybersecurity professionals at mid-sized to large companies. Respondents reported spending an average of $26 million on cybersecurity initiatives in 2024. Nearly half of those polled say their budgets jumped by 25% or more over 2023.
Tech pros stressed that a cybersecurity incident response plan (CSIRP) is essential to staying a step ahead of TAs. A CSIRP works best when it’s implemented across “every area of the enterprise” and is tested regularly. More than half of respondents say they review and test their CSIRPs quarterly or twice a year.
Perfect Time to Buy Cyber Insurance?
A widely repeated statistic, usually attributed to the National Cybersecurity Alliance (which has since said it does not endorse the figure), holds that up to 60% of small businesses fail within six months of a significant data breach. Whatever the true number, the cost of a breach can be existential for a small firm, and more companies are signing up for cyber insurance (CI) policies.
Now’s a great time to explore the options available. A new report from insurer Howden shows rates are dropping as more competitors get into the market. “Pricing is now falling, and competitive forces are yielding more tailored underwriting decision-making that reflects companies’ risk profiles,” says Howden. Average policy rates are 15% lower than their peak in spring 2022.
CI policies offer varying levels of coverage — first-party CI for the insured’s own losses (business interruption, data recovery, forensics and legal costs); third-party CI for claims from customers and partners whose data was exposed; and network security coverage for malware, ransomware attacks and the like.
A white paper published by Sophos in June 2024 finds more companies are exploring CI policies, due in part to the risk of doing business with multiple supply chain partners. “While multiple factors motivate organizations to adopt CI, general awareness of the business impact of cyberattacks/cyber crime is the most common reason behind the purchase, cited by 48% of respondents,” says Sophos. “CI is increasingly a condition of doing business as organizations look to mitigate the risk of supply chain attacks by ensuring their commercial partners have insurance coverage.”
Sophos’ report also offers a word of warning to businesses: Most policies won’t cover all of the costs associated with a breach. Just 1% of firms that filed a CI claim in 2023 were covered for 100% of the total damage. Standalone CI policies will cover higher percentages of the types of breaches a company experiences than cyber coverage as part of a wider policy.
“The most common reason for the recovery bill to not be paid in full is that the total costs exceeded the policy limit (63%),” says Sophos. “With the average cost to remediate a ransomware attack now $2.73 million, organizations should ensure that their policy provides sufficient coverage should they experience a major incident.”
The second-most common reason is “costs were incurred without the insurer’s permission, cited in 58% of cases. … Forty-five percent of respondents said that they had costs/losses that weren’t covered by the insurance policy. With nearly one in two cyber-attack victims reporting [this as a reason] suggests that misalignment of policy and needs is widespread.”