Changes in the Cyber Insurance Market

For many Small and Medium-size Businesses (SMBs), this insurance niche is still a fairly new and unfamiliar concept. Avoid the concept that you don’t need it because you pay for ‘excellent IT support.’ Any employee can be tricked into causing a breach.

In tracking the history of Cybersecurity Insurance, when it was introduced in the 1990s, it was initially formulated to provide coverage for large enterprises, covering things like data processing errors and online media.

Since that time, the policies for this type of liability coverage have changed. These days, cyber insurance policies usually cover the typical costs of a data breach, including remediating a malware infection or compromised account.

All policies vary, but generally, they will cover the costs involved with things like:

Recovering compromised data

Repairing computer systems

Notifying customers about a data breach

Providing personal identity monitoring

IT forensics to investigate the breach (separate from your own IT services provider)

Legal expenses

Ransomware payments

Data breach volume and the associated costs continue to rise. According to NASDAQ, 2021 set a record for the most recorded data breaches in a year, and breaches have continued to snowball. In the first quarter of 2022, breaches were up 14% over the prior year.

Are small businesses vulnerable to cyber attacks?

Every business is vulnerable. Small, mid-sized, or large: they are all targets. Small businesses often have more to lose than larger enterprises as well as they do not have the same ability to absorb losses. About 60% of small businesses close down within 6 months of a disastrous cyber incident.

It is not uncommon for very small businesses of less than ten employees to forego the cost of ongoing IT Support. Often, a friend or relative with a little ‘know-how’ pitches in when needed. This situation does not typically ensure the best security measures.

The changes in this type of insurance are caused by the increase in online danger and rising costs of a breach. The Cyber Insurance industry evolves in relation to the aspects of the threats and ensuing liabilities. Businesses need to keep up with these trends to ensure they can stay protected.

Here are some of the cyber liability insurance trends you need to know about.

Demand is Increasing

As documented by IBM, the global average cost of a data breach in 2022 was $4.35 million. In the U.S, it’s more than double that, at $9.44 million. As the associated costs continue to balloon, so does the demand for cyber insurance.

Companies of all types and sizes are realizing that cyber insurance is crucial to the continuing viability of their enterprise. It is every bit as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.

With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage.

Increasing Premiums

With the increase in cyber-attacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%, but calmed down a bit in 2022.

This increase has been driven by the costs from lawsuits, ransomware payouts, and other remediations. Insurance carriers aren’t willing to lose money on any type of policy, let alone cyber policies, so it stands to reason that those policies will get more expensive – especially since they are more necessary now than ever.

Certain Coverages are Being Dropped

Some types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for ‘nation-state’ attacks - those that come from a government.

Many governments have ties to known private hacking groups – Russia is the most prolific, whereas China and the US maintain state agencies for this job. A ransomware attack that hits consumers and businesses can very well land in this category.

In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.

Another type of attack payout that is being dropped from some policies is Ransomware. This is an alarming trend that any decent IT services provider should be aware of, because Ransomware has been on a dramatic rise since early 2020. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.

It is not cost-effective for insurance carriers to pay the ransom for clients. So many are excluding these payouts from policies. This puts a bigger burden on organizations. They need to ensure their backup and recovery strategy is well planned – which they should ALREADY be doing.

Qualifying is Becoming More Difficult

Just because you want cyber insurance, does not mean you are going to qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances. Especially on companies with a poor history of cyber hygiene. Think of trying to get automobile insurance when you’ve received ten traffic citations and caused five collisions in the last two years. Good luck with that.

Some of the factors that insurance carriers look at include:

Network security

Use of things like multi-factor authentication

BYOD and device security policies

Advanced threat protection

Automated security processes

Backup and recovery strategy

Administrative access to systems

Anti-phishing tactics

Employee security training

Often, you will be required to fill out a long questionnaire when applying for cyber insurance. The proposed insurer will specifically want to know what network security measures are in place. It is highly recommended to have your IT services provider help you with this.

As you review the questions, your IT support can identify security deficiencies and suggest enhancements (if they are worth their salt, robust defenses should already be in place). Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.

It pays to do this type of security review before applying for cyber insurance, as it can save you time and money. It can also fortify your defenses against cyber-attacks.