What Insurance Buyers Need to Know about the Cyber Liability Outlook
Posted:
2 years, 10 months
ago
(0 comments)
Earlier this year, we shared a general outlook on the insurance market for 2022. The insurance market has been hardening after years of relative stability. We'll continue to dive in on specific coverages to share a bit on how they have been impacted, what to expect for 2022 and how you can best prepare your business.
While claims have have impacted a number of sectors in the insurance market, the cyber insurance segment was arguably hit the hardest. The cyber insurance market is at a critical juncture for both insurance carriers and policyholders. While the last few years have seen increased competition among cyber insurance carriers, higher capacity and expanded coverage terms, both 2020 and 2021 saw a rapidly hardening cyber insurance market. Moreover, across industry lines, cyberattacks have surged in both cost and frequency. This increase in attacks has, in turn, resulted in a rise in cyber liability claims and subsequent underwriting losses.
In light of these market conditions, it’s predicted that most policyholders will experience higher cyber liability insurance rates in 2022, with many insureds seeing double-digit rate increases. Apart from increased premium costs, insureds may also encounter coverage restrictions, further scrutiny from underwriters regarding cybersecurity practices, and exclusions or sublimits for losses stemming from specific types of cyber incidents. If policyholders fail to demonstrate proper cybersecurity protocols or have experienced cyber incidents in the past, coverage will be increasingly difficult to obtain.
What happened with the cyber insurance market in 2021?
The cyber insurance market has been extremely volatile since the pandemic and especially in the United States. There have been a severe uptick in dangerous cyberattacks against American companies that are responsible for major financial loss and damage. Here are a few findings from the prior years' data:
- 2021 had the highest average cost in 17 years - Data breach costs rose from $3.86 million to $4.24 million. (IBM Cost of a Data Breach Report 2021)
- Remote work due to COVID-19 increased the cost - The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach. (IBM Cost of a Data Breach Report 2021)
- Compromised credentials caused the most breaches - Compromised credentials were responsible for 20% of breaches at an average breach cost of $4.37million. (IBM Cost of a Data Breach Report 2021)
- Cybercrime is predicted to inflict damages totaling $6 trillion globally in 2021- Data breach costs rose from $3.86 million to $4.24 million. (CyberCrime Magazine)
- 6,000,000,000 will be connected to the internet interacting with data in 2022 - Yes, 6 billion people! Roughly one million more people join the internet every day which means more connected devices and networks.(CyberCrime Magazine)
What factors are causing the cyber insurance market to harden?
Many factors affect the cost of insurance but the following are primary reasons insurance buyers are seeing significant rate increases:
- The Economy - Like other segments within the economy, insurance is feeling the pressure. Claims are more costly to adjust and settle. This can also lead to businesses opting to go without certain security measures due to increased costs.
- Claims and the Loss Environment - As mentioned above, cyber insurers have experienced a significant increase in claims. This means that their loss ratios have also increased which leads to profits deteriorating. As the frequency and severity of claims rises, so to shall the insurance premiums.
- The Cost of Reinsurance and capacity - With the reasons outlined above, companies may have higher reinsurance rates. Or some companies may not have the capacity for claims due to these loss ratios.
- Cyber security measures and trends - The work-from-home changes, more remote work environments or and more connected networks can cause a higher frequency and severity of claims. Plus, many businesses may have made adjustments without updating their cyber security measures in place.
What factors influence my cyber liability insurance rates?
While the reasons above can make it difficult for consumers to secure their desired coverage at the expected price, there are additional factors that influence your insurance rates. Here are a few of the main components that factor in when pricing your coverage:
- Industry - Of course, certain industries carry more risks than others. For instance, the pricing, coverage conditions and availability are significantly different if you're a crane operator versus a retail store.
- Size of you Business - The more revenue your company generates, the more your premium will typically be increased. This is due to increased exposure with more customers, vendors, transactions, etc.
- Coverage - Each company's policy form is different. So the coverage limits and sublimits selected will also influence your premium. This includes your breach response limits, if they're inside or outside the limits, along with sublimits on Business Interruption, Social Engineering and more.
- Claims History - As mentioned above, if you're in a higher risk industry that is more likely to experience a loss or a catastrophic loss, that will impact your rates. In addition, if your business's claim history (confirmed with 'Loss Runs') will also have an impact on insurance rates. If you are experiencing frequent claims or severe claims, the underwriters tend to view your business as one that is more likely to file a claim.
- Risk Management - This is a broad term but can be designed to help control not only your up front insurance costs but also to avoid future losses. Cyber and Data Security along with employee training procedures in place can help provide some financial relief while you can also look to "self-insure" some exposures with a higher deductible or simply financing the risk through other methods.
What trends do I need to watch for in 2022?
Unless you have been living under a rock, you are most likely aware of the economic and social challenges we're collectively facing. These challenges will continue to shape our economic and insurance trends for 2022 and beyond. Let's take a look at a few of those trends to consider when making decisions for your business.
- Tightened underwriting standards—With cyberattacks surging, cyber insurance carriers have adjusted their underwriting practices to help mitigate the risk of costly claims. In particular, carriers are now requiring more substantial documentation from their insureds. This may include detailed information related to workplace cyber policies, incident response planning, employee training and security software capabilities. In addition, some cyber insurance carriers have also decreased their risk appetite and reduced their coverage offerings—especially as they pertain to protection for losses stemming from cyber events that are on the rise (e.g., ransomware attacks). To prevent insureds from leveraging their coverage for unintended purposes, some carriers have changed their policy wording to be less ambiguous. This adjusted wording can help carriers clearly outline the types of cyber events they cover as well as when and how coverage will be triggered.
- Elevated ransomware concerns—Ransomware attacks have been steadily increasing in recent years. This increase is likely tied to cybercriminals becoming more sophisticated and developing further avenues for launching these attacks (e.g., ransomware-as-a-service and remote desk protocol). What’s worse, ransomware attacks often carry higher costs than other types of cyber events. NetDiligence’s annual cyber claims study found that ransomware attacks were the largest driver of cyber insurance claims over the last five years—with the average ransom demand rising to $247,000 and the median incident cost reaching $352,000.
- Heightened business email compromise (BEC) risks—BEC scams entail a cybercriminal impersonating a legitimate source within an organization to trick their victim into wiring money, sharing sensitive data or engaging in other compromising activities. According to the latest loss data from Advisen, BEC scams are among the most expensive types of social engineering losses, and they are on the rise—increasing 58% from 2015 to 2019. The median cost of a BEC loss is $764,000; this is significantly more expensive than other social engineering losses, which average around $580,000.
According to Shawn Ram's blog on Risk & Insurance, they have reviewed current cyber claims data from across North America to draw on these additional trends for 2022.
- Ransomware will remain a threat — Poorly secured remote access protocols have allowed ransomware to become one of the most lucrative cyber criminal activities.
- Supply chain attacks won't stop — These types of attacks allow criminals to 'get more bang for their buck' by victimizing many organizations at once.
- Nation-state involvement — High-profile attacks such as those against SolarWinds and Microsoft Exchange were believed to be instigated by nation-state actors. These are thought to be more motivated by espionage rather tahn financial gain but these exploits eventually make their way into criminal hands.
Tips for cyber insurance buyers in 2022
Insurance pricing forecasts are based on industry reports for various lines of insurance. These are not a guarantee or premium rates and should only be viewed as general information (not insurance or legal advice). According to Zywave's 2022 P&C Market Outlook, various lines of insurance
coverage are expected to rise but some more than others. On average, we are seeing rates with some companies renew 10-20% higher than the prior year. Some companies have taken rate increases of 40-70% for certain businesses.
DO NOT PANIC! We have outlined a number of factors that have made the insurance buying process complex and it may feel unpredictable. While it may seem that rate increases will continue through 2022, there are steps your business can take to be better prepared for a cyber incident, avoid large renewals, and have a more predictable premium to budget for.
- Plan ahead and with ample time to take inventory of your current cyber and data liability needs, make adjustments and seek other potential solutions.
- While many of our clients experienced large renewal increases, we have multiple top cyber markets to work with. We have been able in most cases to find an alternative solution with similar coverage without the significant increase.
- Work with an independent agent that has the knowledge and access to markets to help provide you with options. Your agent is your direct line of communication to the company and has established relationships with the underwriters.
- Be sure your agent understands the different types of cyber coverage available and secure a policy that suits your unique needs. Carefully determine whether standalone coverage is necessary.
- This means to have information available, be honest and up front with your agent so they can help protect your exposures.
- Top O' Michigan acts as your 'expert buyer of insurance' and can help navigate this process with you.
- Be prepared that cyber insurance carriers are going to require more information than they typically have in prior years.
- This means that you may be required to clarify information submitted, or specify more details on your data security measures in place, or the types of data you are responsible for.
- Top O' Michigan has developed and maintained strong partnerships in the marketplace. That means we have multiple solutions that help us to provide the information and tools to our clients so they can become better cyber risks.
- Be proactive with your risk management plan. Be sure to address any potential loss control recommendations such as employee cyber training, utilizing cyber security firms or experts to protect your business, using methods of risk transfer including contracts, or improving data security.
- Take advantage of loss control services offered by insurance carriers to help strengthen cyber measures.
- Focus on employee training to prevent cybercrime from affecting your operations. Employees should be aware of the latest cyber threats and ways to prevent them from occurring.
- Establish an effective, documented cyber incident response plan to minimize damages amid a cyberattack.
- Consider supply chain exposures when establishing your organization’s cybersecurity policies.
- Adopt controls to help in reducing your cyber risk exposure such as multifactor authentication (MFA), privileged access management (PAM), email filtering and web security, endpoint detection and response (EDR) and more.
For more risk management guidance or questions about your policy's coverage limits, contact us today.
More Industry News
Want to stay up to date on the latest community and insurance news? You can find more on important topics on our blog.
About Top O' Michigan Insurance Solutions:
At Top O’ Michigan Insurance Solutions, we pride ourselves on using our skills to provide clients with competitive pricing, stability and understanding, and peace of mind. With seven locations throughout Michigan and 24/7 client access, our team is your 'expert buyer' of insurance for home, auto, farm, boat, motorcycle, business owners, workers compensation, bonds, life and health, employee benefits and more.
We will provide unparalleled and caring service to our clients through our knowledgeable staff and give back to our employees, agency, industry and our communities. Part of our mission is to give back to the Michigan communities we serve. This is something we take action on through We Care and you can learn more about our community outreach at TOMIA247.com/WeCare.
National Resources, Locally Sourced.
Disclaimer: This Blog/Web Site does not provide insurance or legal advice. This site is for educational purposes only as well as to provide you with general information and a general understanding of insurance, not to provide specific legal advice or specific contract advice. Viewing this site, receipt of information contained on this site, or the transmission of information from or to this site does not constitute a client relationship.
The information on this Blog/Web Site is not intended to be a substitute for professional insurance or legal advice. Always seek the advice of a licensed agent in your state pertaining to insurance and legal issues.
Author: Tyler Bartosh
Sources: Zywave, Hiscox Cyber Readiness Report 2021, IBM.com, Cybersecurityventures.com
Share on Facebook
Comments
There are currently no comments
New Comment