Looking for an affordable cyber insurance policy for your company? It may take a while to find. And you just might not find it at all.
The state of cyber insurance in late 2020
The writing was on the wall late last year when in November of 2020 the Insurance Marketplace Realities 2021 – Cyber Risk report was released by Willis Tower Watson. The findings highlighted how COVID-19 continued to impact the cyber market, with an increase in phishing and hacking activity.
The report also shared that, according to Willis Re’s earlier survey of cyber insurance buyers, underwriters, risk managers, claims professionals, actuaries, and brokers, 86% of respondents thought the frequency of cyberattacks would increase as a result of the pandemic, with 54% believing the severity of attacks would also worsen. (And yes, we have the data to know this prediction did come true.)
A takeaway of the report was the expectation that claims and losses related to the COVID-19 would continue with employees continuing their remote work “on potentially less secure networks with less secure hardware.”
Interestingly, the summary noted that the marketplace had yet to strongly react by either adding exclusions for COVID-19-related cyber events, or declining certain types of coverage.
Cyber insurance today
Let’s jump ahead to the present day, the start of the third quarter of 2021. Have things changed since the release of the above-mentioned report in November when it comes to insuring businesses?
Willis Re has now reported that for the current July 2021 renewal season, global cyber reinsurance rates have soared by upwards of 40%. The reason why? As we all know from daily media headlines, ransomware attacks are continuously increasing in both the number of occurrences and severity.
Cyber insurance and reinsurance policies cover the cost of a wide range of services and losses. Coverage ranges from the restoration of a network and technical infrastructure to losses associated with the interruption of business. These policies may even cover reputation-management expenses related to the work completed by a PR agency, should a hacked company become a newsworthy item and have to launch a communications campaign in the wake of a cyberattack.
And – this is a major change in the industry that has transpired in the last eight months – it is now shared by insurance industry sources that insurers and reinsurers alike are cutting the amount of cyber coverage they provide. This comes in the wake of the filing of many large claims.
James Vickers of Willis Re has stated, “Reinsurers that have been writing cyber are looking at considerably worse results than a few years ago … I don’t think people had really imagined the extent of the ransomware attacks going on.”
It wasn’t all that long ago – we only have to go back a few years – that cyber insurance was considered a profitable industry. However, with a 400% rise in ransomware cases in 2020 and cyber insurance payments now coming in at an estimated 70% of premiums collected, this is no longer the case.
Gregory Eskins from commercial insurance broker Marsh McLennan shared that policy renewals are carrying new, stricter rules or lowered coverage limits.
As Michael Phillips, chief claims officer at cyber insurance firm Resilience and co-chair of the public-private Ransomware Task Force, explained why there is such a rise in the cost of insurance: “the price has to match the risk.”
The future of cybercrime
The cybercrime climate will only worsen, with many experts expecting that the attacks will only get more sophisticated, more costly, and more frequent.
And new spins on cybercrime will continue. Cybercriminals are now looking to breach the security of cyber insurance companies to uncover client lists are and the extent of their client coverage. This then provides criminals with inside information that comes in handy when making ransom requests following the cyberattack of an insured company.
Also important to note is that the “human element” (aka human laziness, fallibility) continues to be a leading cause of cyber loss, contributing to approximately 64% of the claims per Willis Towers Watson.
So what is a company to do?
Companies, large and small and across all industries, should look not sit passively when it comes to cybersecurity. Firms should not wait for a problem to occur. A key recommendation from the November Willis Tower Watson report is “organizations should be proactive in assessing their cyber resilience” – and as we move into the second half of 2021, this is only more important than ever.
There are steps businesses can take – actionable steps – to shore up security within a business. Regardless of the size of the organization, and no matter the industry, internal systems, and data must be protected. And yes, an immediate catalyst for action might be to ensure the entity obtains needed cyber insurance, but there are equally or arguably more important reasons for a company to take proactive steps to shore up its security solution.