October is Cybersecurity Awareness Month and the Oregon Division of Financial Regulation (DFR) reminds everyone that cybersecurity is a hot topic for the insurance sector today and a growing concern for many businesses.
Cybersecurity Awareness Month is a collaborative effort led by the Cybersecurity and Infrastructure Security Agency (CISA), uniting the public and private sectors to encourage behaviors that reduce online risks. The campaign emphasizes that fundamental actions can make a big difference in defending our nation against cyber threats and protecting our critical infrastructure.
Businesses, large and small, should consider cyber insurance as part of their risk management process. Cybersecurity is a risk that all insurance carriers should take seriously from an operational resilience perspective, as cybersecurity events can disrupt your business, costing you money.
Most commercial property and general liability policies do not cover cyber risks, and cyber insurance policies are highly customized for clients. Insurers and insurance producers must protect the highly sensitive consumer financial, health and nonpublic personal information collected as part of the underwriting and claims processes. Reports show that sectors such as health care and financial services are experiencing higher cybersecurity incidents and claim costs, partially due to the data they manage.
CISA has tips to protect your business. Cybercriminals look for easy targets. Businesses without basic precautions are vulnerable. Start with these four essential steps to safeguard your data and enable employees to stop attacks before they happen:
-
Teach employees to avoid phishing: Phishing tricks employees into opening malicious attachments or sharing sensitive information. Train employees to recognize and report suspicious activity.
-
Require strong passwords: Strong passwords are a simple but powerful way to block criminals from accessing your accounts through guessing or automated attacks. Make them mandatory for all users.
-
Require multifactor authentication (MFA): MFA – also known as two-factor authentication – adds an extra layer of security beyond passwords. Require it to make accounts significantly more secure. Use phishing resistant MFA where available.
-
Update business software: Outdated software can contain exploitable flaws. Promptly install security updates and patches to keep your systems protected.
CISA also recommends businesses back up all their business data and encrypt it. Encrypting your data and devices strengthens your defense against attacks. Even if criminals gain access to your files, information stays locked and unreadable. Make encryption part of your security strategy.
“We see a complicated landscape in cybersecurity, which remains a priority for us,” said TK Keen, DFR administrator and acting insurance commissioner. “We are seeing increasing calls for legislation nationwide and regulation for enhanced cybersecurity measures to address risks including identity theft, business interruption, data repair costs, and more.”
More companies are entering the market each year. According to the most recent report on the Cyber Insurance Market from the National Association of Insurance Commissioners, issued in fall 2024, shows a cyber insurance market of roughly $9.84 billion in direct written premiums.
The U.S. cyber insurance market accounts for 59 percent of the $16.66 billion in premiums written for cyber coverages globally in 2023. This indicates a growing demand for cyber insurance coverage. The number of claims has also gone up with more than 33,000 in 2023. This increase reflects the rising frequency of cyber incidents.
###
About Oregon DFR: The Division of Financial Regulation protects consumers and regulates insurance, depository institutions, trust companies, securities, and consumer financial products and services. The division is part of the Department of Consumer and Business Services, Oregon’s largest consumer protection and business regulatory agency. Visit
dfr.oregon.gov and
dcbs.oregon.gov.