Worrying Trends in Cyber Insurance

There are several trends emerging in the cyber insurance industry that are worrying for mid-size and local entities. These trends are largely a response to the havoc ransomware has caused across industries in the last 18 months. The emerging trends can be summed up as:

  • Prices are increasing, in many cases in the range of 2x-4x
  • Renewal and acceptance rates for policies are going down, in many cases, by 40%-60% compared to previous years
  • Entities seeking cyber insurance are receiving more scrutiny

The first two trends on that list are pretty self-explanatory for anyone who’s ever dealt with insurance. Risk goes up, prices go up, and coverage options go down. That is largely unavoidable due to the massive increase in ransomware activity over the last couple of years. What is avoidable is being denied cyber insurance. Just because the insurance companies are denying more policies doesn’t mean that you can’t get coverage.

An additional factor to keep in mind is that target sectors like professional services and healthcare are at an increased risk and are therefore receiving increased scrutiny.

Ransomware risk is now the #1 reason for the denial of a cyber insurance policy. There are a number of factors driving this trend. Ransomware is the single most significant driver of cyber insurance payouts, not just for the ransom but also for all the other associated breach costs and fees that go along with it. Claim rates are climbing, and there doesn’t appear to be any end in sight for this criminal activity.

Given that insurance companies are increasing their scrutiny for cyber insurance policies and pricing the increased risk, it makes sense to look at the straightforward things that they’re considering when deciding to issue a policy or a ransomware supplement to an existing policy.

Three factors to consider to increase your odds of getting or retaining coverage:

  1. How well is your organization prepared for ransomware? Can you recover your data after a ransomware attack? Has your organization gone through tabletop exercises or risk assessments to quantify your risk and resiliency to a ransomware attack? Being able to show that preparation increases your odds of retaining or acquiring a cyber insurance policy.
  2. Ensure that your cyber hygiene is good. So many breaches are due to nothing more than mere sloppiness. Is your organization ensuring that patches and multi-factor authentication are in use and that Endpoint Detection and Response is deployed?
  3. Security improvement. Given the ever-changing cybersecurity environment, proving that an organization is committed to continuously improving their security posture increases the odds of obtaining a policy.

Ransomware isn’t going away anytime soon. There is no silver bullet. Given the changing landscape, maintaining a cyber insurance policy is more important than ever. The more prepared you are, the better your coverage, and the lower your rates will be. If you have questions about IT security or the cyber-threats facing you organization, call ITPAC today.