Arraya Insights | September 15, 2021
While cyber threats date back decades, 2021 saw an unprecedented increase. Ransomware attacks are leaving victims with financial consequences like we’ve never seen before. Even the U.S. government is stepping in to help improve the nation’s cyber security posture. Meanwhile, the relatively new cyber insurance industry is grappling with unprecedented demand, increased claims payouts, and limited coverage for insureds. Some are calling this a “crisis moment” for the industry.
Cyber coverage faces unique challenges in comparison to other lines of insurance. It’s difficult for cyber carriers to diversify their risk as cyber attacks aren’t limited by geographic areas. Further, while the internet and cyber threats now date back decades, this is a relatively short time frame in comparison to other forms of insurance.
While other lines of insurance rely on hundreds of years of historical data and events, cyber insurance carriers have little data to analyze when risk forecasting. In fact, several carriers are now banding together to share their data and analysis capabilities.
As more businesses and enterprises begin to recognize their potential cyber exposure, the demand for coverage has skyrocketed. The U.S. Government Accountability Office (GAO) reported that the percentage of insurance clients who opted for cyber coverage recently increased from only 25% in 2016 to 47% in 2020.
5 Changes in the Cyber Insurance Landscape That Business Owners Should Know
With so many customers grappling with the potential of becoming the next ransomware target, a waterfall effect has led to several recent changes in the cyber insurance industry.
Here’s what those seeking coverage should know:
- Premium Increases & Reduced Coverage Limits
To date, the cyber insurance industry has struggled with profitability. The ratio of losses to premiums earned has led to substantial premium increases for customers. This is because the annual growth rate in premiums has been 20% over the past four years, while the annual growth in claims payouts has been almost double that, at 39%.
This risk has led carriers to reduce the coverage limits they’ll offer, especially for healthcare and education clients. Previously, a cyber insurance policy may have been bundled with other coverages. Now, carriers are creating separate, specifically cyber insurance policies. This results in customers paying more, for less coverage.
2. New Requirements of MFA for Email Access
As cyber carriers seek to control risk and their insureds’ exposure, many are requiring that their customers implement multi-factor authentication (MFA) for all email access. MFA is a security feature that requires users to present two forms of credentials to gain access, rather than just a single password. For those looking to apply for coverage or renew their policy, they’ll need to ensure they’re actively utilizing this security technique to qualify.
3. More Comprehensive Due Diligence on Security Practices
In addition to requiring MFA, many cyber insurance carriers are thoroughly analyzing all applicants’ and renewals’ cyber security posture before writing new policies. This could result in refusals for companies with subpar cyber security practices. For smaller businesses who don’t have the budget for an IT team or security tech, this could be problematic.
Applicants can expect extensive questionnaires, a cyber security screening through a third-party vendor (like BitSight), and for their public presence to be reviewed for security posture.
4. Higher Claims Payouts Due to Supply Chain Attacks
While third-party services are now considered standard, third-party software supply chain providers have quickly become a favorite target for cyber hackers. When these attacks are successful, hackers can take advantage of a plethora of victims through the supply chains’ client and customer base.
These attacks can cause substantial disruption as clients may be left without access to their website, data, network, or more. These outages can cause extensive damage to a business or enterprise while cyber insurance carriers may face significant business interruption payouts.
5. Decreased Number of Cyber Insurance Carriers
Based on the ratio of claims payouts to premiums, the cyber industry hasn’t been the most profitable in the last few years. This is a significant challenge for insurance carriers for obvious reasons. Many insurance carriers who opted to begin providing cyber coverage in addition to their routine lines of business have now begun to back out of the industry. Customers looking for cyber coverage will find that they have limited carriers and options to choose from.
There’s a lot about the cyber insurance industry that is still unknown. Even the terms and definitions of cyber policies remain vague, resulting in coverage disputes. As this relatively new insurance product matures, demand will remain high.
Next Steps: Evaluate Your Cyber Posture & Your Need for Cyber Coverage
The threat of ransomware is creating a domino effect throughout the cyber insurance industry. While many questions remain, it’s clear that ransomware is going nowhere fast. As businesses and enterprises continue to face increased threats, the demand for cyber insurance will remain at record levels.
If you need help navigating the complicated cyber security landscape, Arraya can help. Our cyber security experts will help you address your vulnerabilities and match you with the best security solutions and insurance products to fit your company’s individual needs.
Reach out today to get started or should you have any questions.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.