Following a turbulent year, it is hardly an exaggeration to say that the insurance market is in full blown chaos. Rates are higher, claims are up, and the market continues to harden. As we brace for what promises to be another challenging year, let’s take a closer look at the state of cyber as it stands right now.
In the first half of 2020, clients could still expect the usual rate increases year over year, which would typically be in the 1-2% range. In the second half of the year, however, we saw rates jump suddenly to 18%, then 29% by the fourth quarter. In 2021, average increases in the market are expected to be in the 30-40% range, and we can’t yet predict when they will stabilize.
There are several factors contributing to this surge. The cyber insurance market has been in hyper growth mode for the last 5-6 years, with increased awareness on cyber risk. Underwriters, reluctant to create any barriers to entry, had been writing broad policies to encourage more clients to invest in cyber insurance. This also meant that on occasion premiums have been priced below levels that align with the actual risks.
Frequency of all cyber incidents are up and as we have covered previously, ransomware has become the most prevalent type of incident. Due to this shift, the cost profile of an average claim has often increased by a magnitude of ten times and this has had a direct impact on insurers’ profitability. We are also seeing that events can have a systemic impact on the entire market and cause financial damage that would have been considered an anomaly before recent events. When a cyberattack like that of SolarWinds or Blackbaud occurs it isn’t just one business that is impacted – it could be thousands, all of whom will be filing claims with their carriers. Insurers are now being much more conservative in their underwriting to avoid the potential fallout from multiple policyholders being hit by the same incident.
The cyber insurance boom has shifted, like the rest of the industry, to a hard market. Cyber underwriters are much more diligent in 2021, managing capacity and pulling back on the breadth of coverage, particularly for ransomware attacks. One of the main reasons behind the coverage pullback is that there is now simply too much unpredictable risk involved.
The onus is primarily on insureds right now to demonstrate that they have the proper controls to reduce the probability of having a cyber incident. Multifactor authentication is an absolute must-have, as is vendor due diligence. Companies should also demonstrate that they are regularly training employees to recognize threats, and that they have an incident response plan in place.
Underwriters are going to feel better about companies that have the right protections in place, so it will be critically important for clients to be able to demonstrate that they are doing all the right things. This is why we recommend employing a specialty broker that knows the market well and can leverage their experience to negotiate the best solution. With market factors working against clients, it is more important than ever to make sure you are leveraging the best tools to secure coverage at a reasonable price.
Want to learn more or get in touch with one of our specialty brokers?
Find me on LinkedIn, here.
Connect with the Risk Strategies Cyber Risk team at firstname.lastname@example.org.
Email me directly at email@example.com.