With over three decades of expertise in the Life Insurance sector, I've come to realize there's nothing more vital for safeguarding your business than cybersecurity. Whether you're a financial advisor, an insurance agent, a broker-dealer, or a principal of a brokerage agency, a single cyberattack could devastate your business. Adopting a Zero Trust approach is essential. Moreover, cybersecurity is crucial for meeting regulatory and compliance obligations. I urge you to conduct audits on your network and website. I'm here to assist you in securing a complimentary audit. Now, let's delve into some key insights on cyber insurance, compliance, and security.
The global cyber insurance market tripled in volume in the last five years, expanding to gross direct premiums of around $13 billion in 2022, according to the Swiss Re Institute (SRI). In two years, the market has seen rate increases and re-underwriting to restore profitability. Swiss Re Institute expects premiums to grow to $23 billion by 2025.
There has been a surge in submissions. Over the last half-decade, there has been notable maturity in this sector. With access to comprehensive data and accumulated experience, insurers now have a more refined framework for assessing and pricing cyber risks.
However, recent industry reports highlight some concerning areas. Loss ratios are on the rise, cyber insurance limits are shrinking, and coverage terms are becoming more restrictive, all impacting insurers' efforts to manage their risk exposure effectively.
Given the evolving cyber landscape, insurers continuously recalibrate strategies. They maintain rigorous underwriting practices, emphasizing the importance of advanced cyber hygiene. Consequently, coverage terms are closely aligned with an organization's level of preparedness. Establishing a strong Cybersecurity Program is one of the first steps towards meeting insurance and regulatory demands. A Cyber Program Management System like Buckler can fast-track policy management and compliance. While there was a decline in claims and ransomware incidents in 2022, there was a resurgence in 2023. In the United States alone, ransomware events spiked by 75% within the first six months of the year, according to a report by Malwarebytes Inc. Even with this as a driver, enterprises and agencies often wait to see fines and enforcement from regulators before taking action themselves. Swift changes are happening with the SEC’s new cyber rules, coverage restrictions for systemic risk and privacy violations and increased expectations for cybersecurity.
Certain industries, such as financial services, professional services, technology, and healthcare are particularly susceptible to cyber threats with high volumes of private data. These sectors, along with their associated supply chains, face high, or extremely high, levels of risk. Consequently, many organizations in these sectors are turning to specialized solutions offered by insurance brokers, carriers, and solution providers to better manage and mitigate risks effectively.
Three Significant Trends Shaping the Cyber Insurance Industry
1. Increased Security Requirements
As cyber threats become more sophisticated, insurers take a more proactive approach to risk management by implementing stringent security standards for their clients. This trend is evident in the growing prevalence of detailed security questionnaires that insurers require businesses to complete as part of the insurance application process.
Businesses seeking cyber insurance must be prepared to provide comprehensive information about their cybersecurity posture and demonstrate adherence to industry best practices and cyber regulations.
HIGHLIGHT: In regions where rates rose, the trend was for a slower pace of increase. Insurers continued to focus on cybersecurity controls, typically looking for year-over-year improvements. (March 2024 Global Insurance Market Index)
2. Increased Scrutiny During the Claims Process
In the event of a cyber breach, insurers will often conduct thorough investigations to determine whether the insured party complied with the security requirements outlined in their insurance policy. Insurers may deploy teams of experts to assess the insured party's cybersecurity practices and verify their compliance with the terms of the policy.
If the insured party is found to be non-compliant with the security requirements, the insurer may deny the claim, leaving the business responsible for covering the costs of the cyber breach. This trend underscores the importance of maintaining robust cybersecurity measures and regularly reviewing and updating security protocols to ensure compliance with insurance requirements.
HIGHLIGHT: It’s also not unusual for cyber insurance claims to get rejected. This is usually either on account of exclusions or poor cybersecurity hygiene on the part of the insured. Estimates from Marsh’s Global Insurance Market Index suggest that around 27% of cyber insurance claims were not honored or were partially paid due to exclusions within the cyber cover.
3. Rising Premiums
As cyber threats continue to evolve and breaches become more frequent and costly, insurers are adjusting their pricing models to reflect the heightened risk environment. This trend is particularly pronounced for businesses in high-risk industries or those with a history of cyber breaches, like the financial services industry.
Businesses should be prepared for the possibility of higher cyber insurance premiums and factor these costs into their overall risk management strategy. Investing in proactive cybersecurity measures and demonstrating a commitment to risk mitigation may help businesses negotiate more favorable premium rates with insurers.
HIGHLIGHT: The cost of Cyber Insurance in the 2nd quarter of 2022 rose to 79% in the US. Marsh’s Global Insurance Market Index. While premium costs fell by 6% in the third quarter of 2023 compared with the same quarter in 2022, ransomware- and privacy-related claims had already skyrocketed from the previous year, according to risk management consultancy Marsh. (Dark Reading)
The cyber insurance landscape is evolving rapidly. Insurers are implementing stricter security requirements, increasing scrutiny during the claims process, and raising premiums to reflect the growing cyber risk landscape. To effectively navigate these trends, businesses must prioritize cybersecurity investments, maintain compliance with insurer requirements, and proactively manage cyber risks. By staying informed about emerging trends and working closely with experienced solution providers, businesses can protect themselves against the financial impact of cyber incidents to ensure their long-term resilience in an increasingly digital world.
Sample industry solutions that can remove or mitigate risk for stronger cyber insurance alignment are:
• Buckler: A cyber program management system with built-in regulatory compliance and evidence proof for easier program management and communication across teams, leadership, and boards.
• Open VRM: A (zero-cost) vendor risk management (VRM) platform that can be leveraged by clients and their vendors to save time and resources managing vendor risk.
• FCI: An MSSP delivering zero-trust integrated, automated cybersecurity solutions that fill control gaps across endpoints, networks, applications, and users.