State of the Insurance Market

2024 Initial Outlook: Cyber Insurance

Market Updates

The cyber landscape continues to evolve rapidly. While capacity remains, ransomware attacks are resurging, raising insurers’ concerns. Organizations with strong security controls are seeing stable rates; however, those with average to weak controls may experience rate increases.

The recent SEC cyber disclosure rules could lead to increased regulatory investigations and lawsuits brought by shareholders if certain companies fail to report material cyber events. Businesses with government contracts may face greater cyber insurance requirements.

Insurers are keeping a close watch on artificial intelligence (AI). New AI tools are aiding in cyber risk management, but cybercriminals can also leverage AI to do harm. Risk Strategies anticipates that cyber liability insurance contracts in 2024 will contain new requirements around AI usage and governance. Companies using AI tools to improve cybersecurity may qualify for better rates and terms.

Rate Forecast
Cyber — Entities with Good Control: -10% to Flat
Cyber — Entities with Poor Control: +5% to +10%

Recommendations

We recommend starting the renewal process 150 days prior to expiration and having a constant dialogue with your broker throughout the year. Clients with better controls, policies, and procedures are receiving preferred rates, and those without may be declined. Implementing the following could help with securing renewals and keeping rate increases to a minimum:

  • Multi-factor authentication (MFA) for remote access and privileged accounts. MFA requires two or more verification factors before giving users access to accounts, applications, VPNs, and more. By going beyond a username and password for additional verification, MFA mitigates cyber threats.
  • Endpoint detection and response (EDR) provides real-time visibility across all endpoint activity by detecting red flags such as malicious behavior. Additionally, it can analyze endpoint data and respond to threats.
  • Security training to help employees recognize common cyber threats, such as phishing scams, social engineering, poor password hygiene, and other risks.
  • Frequent, secured, encrypted, and tested backups for important records and data to be stored offsite, including business contracts and licenses, meetings, patents, trademarks, shareholder stock records, and all important documents.
  • Privileged access management (PAM) to mitigate the risk of privileged access. The core capabilities of PAM include discovery of privileged accounts across multiple systems, infrastructure, and applications; credential management for privileged accounts; and credential vaulting and control of access to privileged accounts.
  • Email filtering and web security to eliminate spam. This basic, but important, filtering system should be seen as a foundation of cybersecurity, analyzing emails for phishing and other red flags, and moving flagged messages into a separate folder.
  • Patch management and vulnerability management in tandem, to uncover and prioritize risks based on their individual threat level, and to remediate those risks by automatically upgrading software to its most recent version.
  • Incident response plans to allow an organization’s IT team to detect any red flags and provide the time necessary to respond and recover from incidents, such as service outages, cyberattacks, or data loss.

The contents of this report are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.