Cyber Insurance Update: Rates, Underwriting Climate and Exposures

Policyholders who haven’t been paying attention to the cyber insurance market may be in for a rude awakening. As cyberattacks continue to surge, the cyber insurance market is hardening. Here’s a look at what’s happening now in cyber insurance.

Cyberattacks Are Worsening

Phishing attempts, ransomware infections, data breaches, business email compromise schemes, and other cyberattacks keep getting worse, both in frequency and severity.

The 2021 Q3 Data Breach Analysis from the Identity Theft Resource Center found that the number of publicly reported data compromises in the first three quarters of 2021 exceeded the number of report events in all of 2020 by 17%. According to Check Point’s 2021 Cyber Trends Report, global cyberattacks increase 29% in the first half of 2021.

Ransomware in particular has been a problem. The NCC Group Annual Threat Monitor shows that ransomware attacks increased 92.7% in 2021, and that 53% of the attacks targeted victims in North America. The size of the ransoms has also been increasing. Coveware’s Quarterly Ransomware Report shows that the median ransom payment increased 59% between the fourth quarter of 2020 and the first quarter of 2021.

CISA says that cybersecurity authorities have observed a global increase in high-impact ransomware attacks against critical infrastructure organizations, such as food and agriculture, and IT. These attacks have been sophisticated, and tactics keep evolving. Notably, hackers are no longer relying purely on encryption to extort money from victims. Now they are also threatening to release sensitive information, disrupt internet access and tell other parties about the incident.

When a cyberattack occurs, the consequences can be devastating. According to Infosecurity Magazine, a U.S. fundraising company had to let go 300 workers and shut down after more than 60 years in business due to a ransomware attack. There have been reports of other businesses having to close their doors after cyberattacks.

Cyber Rates Are Up

All of these cyberattacks are having a significant impact on cyber insurance.

According to the Q3 2021 P/C Market Report from the Council of Insurance Agents & Brokers, 77% of respondents reported an increase in cyber claims in the third quarter of 2021, and 79% reported an increase in the second quarter.

Given the increase in cyberattacks and claims, it’s not surprising that cyber insurance rates are increasing. According to the report, cyber premiums increased an average of 27.6% in the third quarter. This rate hike is much steeper than what we’re seeing in other lines. The report also notes that many respondents are reporting stricter underwriting, higher deductibles, and lower limits.

Nevertheless, demand for cyber insurance was high in the third quarter, with 93% of respondents reporting an increase in demand. Even faced with rising rates, organizations understand the importance of having good coverage in place.

Take Control of Cyber Risks

It looks like 2022 will be another challenging year for cyber insurance. Organizations need to be proactive about controlling their risks and securing coverage.

  • Expect rate increases. Cyber rates are surging, so there’s a good chance your rates will increase.
  • Don’t assume that a policy will be renewed. Instead of getting hit with a rate increase, you could receive a notice of nonrenewal. Cyber insurance underwriting is getting stricter, so policyholders need to be ready for increased scrutiny. Brokers and clients should work together to make sure they are submitting a strong application.
  • Shore up your cybersecurity. CISA says that hackers often gain access via phishing, stolen Remote Desktop Protocol credentials, and exploitation of software vulnerabilities, so it’s vital to make sure you’re taking steps to reduce these risks.
  • Train everyone at your organization to take cybersecurity seriously. While it’s important for IT departments and cybersecurity experts to make sure networks are as secure as possible, workers in all departments must know how to prevent cyberattacks. This includes using strong passwords and multifactor authentication, as well as knowing how to spot phishing attempts and malicious links.
  • Document your cybersecurity efforts. A disconnect between your written cybersecurity policies and your day-to-day practices could create openings for hackers. Make sure you’re actually following through on best practices and maintaining records to document this. According to Security Infowatch, attestations likely won’t be enough going forward. Instead, policyholders will need to prove that they have adequate security protocols in place.

Do you need help securing robust cyber insurance in today’s challenging market?

Tangram can help. Contact us to learn more.