February 23, 2021
You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
Following a turbulent year, it is hardly an exaggeration to say that the insurance market is in full blown chaos. Rates are higher, claims are up, and the market continues to harden. As we brace for what promises to be another challenging year, let’s take a closer look at the state of cyber as it stands right now.
Rate Increases
In the first half of 2020, clients could still expect the usual rate increases year over year, which would typically be in the 1-2% range. In the second half of the year, however, we saw rates jump suddenly to 18%, then 29% by the fourth quarter. In 2021, average increases in the market are expected to be in the 30-40% range, and we can’t yet predict when they will stabilize.
There are several factors contributing to this surge. The cyber insurance market has been in hyper growth mode for the last 5-6 years, with increased awareness on cyber risk. Underwriters, reluctant to create any barriers to entry, had been writing broad policies to encourage more clients to invest in cyber insurance. This also meant that on occasion premiums have been priced below levels that align with the actual risks.
Claims
Frequency of all cyber incidents are up and as we have covered previously, ransomware has become the most prevalent type of incident. Due to this shift, the cost profile of an average claim has often increased by a magnitude of ten times and this has had a direct impact on insurers’ profitability. We are also seeing that events can have a systemic impact on the entire market and cause financial damage that would have been considered an anomaly before recent events. When a cyberattack like that of SolarWinds or Blackbaud occurs it isn’t just one business that is impacted – it could be thousands, all of whom will be filing claims with their carriers. Insurers are now being much more conservative in their underwriting to avoid the potential fallout from multiple policyholders being hit by the same incident.
Hard Market
The cyber insurance boom has shifted, like the rest of the industry, to a hard market. Cyber underwriters are much more diligent in 2021, managing capacity and pulling back on the breadth of coverage, particularly for ransomware attacks. One of the main reasons behind the coverage pullback is that there is now simply too much unpredictable risk involved.
The onus is primarily on insureds right now to demonstrate that they have the proper controls to reduce the probability of having a cyber incident. Multifactor authentication is an absolute must-have, as is vendor due diligence. Companies should also demonstrate that they are regularly training employees to recognize threats, and that they have an incident response plan in place.
Underwriters are going to feel better about companies that have the right protections in place, so it will be critically important for clients to be able to demonstrate that they are doing all the right things. This is why we recommend employing a specialty broker that knows the market well and can leverage their experience to negotiate the best solution. With market factors working against clients, it is more important than ever to make sure you are leveraging the best tools to secure coverage at a reasonable price.
Want to learn more or get in touch with one of our specialty brokers?
Find me on LinkedIn, here.
Connect with the Risk Strategies Cyber Risk team at cyber@risk-strategies.com.
Email me directly at rrosenzweig@risk-strategies.com.
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.