As cybercrime continues to grow, so does the market for cyber insurance. Ransomware and other attacks can target both supply chains and critical infrastructure, causing significant damage to businesses and society.
Systemic risks and accumulation scenarios both require a well-defined risk appetite if sustainable and innovative protection is to be offered to those who are insured. An adequate level of cybersecurity strengthens the resilience of those who are insured and, at the same time, is a requirement for access to the insurance market.
But, with the recent increase in ransomware attacks, many executives are concerned that insurance carriers will no longer provide coverage for cyber-related incidents.
While coverage isn’t going to stop, insurers are starting to make it harder to be insured against cyber attacks, and in some industries, it’s next to impossible to get cyber insurance.
The global cyber insurance market is expected to reach $20 billion by 2025, according to research firm GlobalData. This represents a 74% increase from the $4.8 billion market size in 2021. Fitch Ratings, which assigns insurer credit ratings, says that the demand for cyber insurance is growing as businesses become more aware of the risks posed by cyberattacks.
Despite the booming cyber insurance industry, many carriers are struggling to keep up with the ever-changing landscape of risk. In order to stay afloat, these companies are forced to revise their underwriting models and increase premiums. As a result, the market may not be as healthy as it appears.
As cyberattacks become more prevalent, insurance companies are becoming increasingly selective about the industries they are willing to cover. It is becoming very difficult to insure sectors that have been disproportionately targeted in the past, such as government, education, healthcare, and utilities.
But wait, there is good news: Organizations can still get cyber insurance, but they will have to pay more and meet additional requirements for less protection.
“83% of all C-Level respondents in a recent global study reported that their company is not adequately protected against cyber threats.” – Munich Re, 2022
What does cyber insurance cover?
Cyber insurance is a type of insurance that helps protect businesses from the financial damages caused by cyberattacks.
Just like with any other type of insurance, companies apply for coverage from brokers or carriers, and underwriters evaluate the applicant’s security posture to determine if they are taking basic precautions against attacks.
If an attack does occur, cyber insurance can help cover the costs of things like downtime and lost income.
As the insurance industry continues to grow, underwriters are increasingly relying on models to determine the amount of coverage they are willing to offer and at what rate. If the models indicate that a policy is likely to be profitable, the policy is issued and the carrier will usually transfer some of the associated risks to a reinsurance company.
The reinsurance market allows insurers to write more policies and continue expanding their operations.
After a Ransomware Attack, Nothing is the Same.
Ransomware has turned the insurance industry upside down, leaving organizations scrambling to protect themselves.
Here are some facts to consider:
- Last year saw a sharp increase in ransomware attacks, with a reported 51% surge compared to 2020.
- Adjusted losses for 2021 totaled more than $49 million, a nearly 69% increase over 2020, which accounted for $29.2 million in losses.
- Ransomware payments reached new heights in 2021, with the average payment hitting $821k. That’s a 79% increase from 2020 payment amounts, which were $170k.
- Ransomware was involved in 75% of all cyber insurance claims during the first half of 2021.
Rising Rates and Less Coverage
The insurance industry took a leap in 2021 by increasing direct-written premium rates by 74%.
For many industries, coverage limits have been reduced from $10 million to $5 million, while deductibles (also known as “retentions”) have increased. In some cases, deductibles have jumped from around $25,000 to as much as $250,000 in the past year or two.
Prove Your Security is Tight
Cyber insurance companies are increasingly requiring their clients to meet higher standards of cyber hygiene in order to qualify for premium rates. Much like someone applying for life insurance might have to take a physical and share their medical history, organizations must now take measures to ensure they are up to par in terms of cybersecurity.
This includes things like multifactor authentication (MFA), endpoint protection, and up-to-date backups. Cyber risk scores are something that insurers are paying close attention to as well. If an organization doesn’t have all its ducks in a row in terms of security, it can expect to pay higher rates, have reduced coverage, or be rejected outright.
The rising number of cyber-hygiene prerequisites can be frustrating for executives, which is where a good VRM solution can help by identifying vulnerabilities in networks and devices.
Cyber Insurance: Worth It?
As cyber insurance coverage becomes increasingly restricted, some organizations are wondering if they need the coverage at all or if they could just pay out-of-pocket in the event of an incident.
Not everyone is on board with the self-insurance approach when it comes to potentially massive losses from a serious cyberattack. Some feel that the stakes are simply too high to gamble on being able to cover all costs on one’s own.
This is where MDRs like CyberMaxx can come in and provide the protection organizations need at a lower cost of insurance premiums and a fraction of what a ransomware attack would cost.