Compliance

What's Changing in the Cybersecurity Insurance Market?

January 10, 2023

Cybersecurity insurance is still a relatively new concept for many small and mid-sized businesses. It was initially introduced in the 1990s to provide coverage for large enterprises against data processing errors and online media liability. Since then, policies have evolved significantly. Today's cyber insurance covers the typical costs of a data breach, including remediating a malware infection or compromised account. Covered expenses can include recovering compromised data, repairing computer systems, notifying customers, providing personal identity monitoring, IT forensics to investigate the breach, legal expenses, and ransomware payments.

Data breach volume and costs continue to rise. 2021 set a record for the most data breaches ever documented, and in the first quarter of 2022, breaches were up 14% over the prior year. About 60% of small businesses close within six months of a cyber incident. The cybersecurity insurance industry is evolving rapidly in response, and businesses need to keep up with these changes to stay protected.

Demand Is Going Up. The global average cost of a single data breach is now $4.35 million, and in the United States it rises to $9.44 million. As those costs continue to climb, so does demand for cybersecurity insurance. Companies across all industries are recognizing that cyber coverage is as essential as general business liability insurance. With demand increasing, more policy options are becoming available, which is good news for those seeking coverage.

Premiums Are Increasing. The surge in cyberattacks has led to a corresponding surge in insurance payouts, and carriers are raising premiums to keep pace. In 2021, cyber insurance premiums rose by 74%. The costs from lawsuits, ransomware payments, and remediation are driving this increase, and carriers are not willing to absorb those losses. This means coverage is simultaneously more necessary and more expensive than ever before.

Certain Coverages Are Being Dropped. Some carriers are dropping coverage for nation-state attacks, which are attacks that originate from or are connected to a government. Since many governments have ties to known hacking groups, a ransomware attack hitting consumers or businesses can fall into this category. In 2021, 21% of nation-state attacks targeted consumers and 79% targeted enterprises. Ransomware coverage is also being removed from some policies. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%, and carriers are no longer willing to pay out for clients who have not taken adequate precautions. This puts a greater burden on organizations to ensure their backup and recovery strategy is solid.

It Is Harder to Qualify. Qualifications for cybersecurity insurance are becoming more rigorous. Carriers are scrutinizing applicants for evidence of good cyber hygiene before agreeing to provide coverage. Factors they consider include network security, use of multi-factor authentication, device and BYOD security policies, advanced threat protection, automated security processes, backup and recovery strategy, administrative access controls, anti-phishing tactics, and employee security training. Applications typically include a detailed questionnaire, and it is a good idea to have your IT provider help you work through it. Strengthening your security posture before applying can lead to better coverage terms and lower premiums.

Need Help Making Sense of Cybersecurity Insurance?

Cybersecurity coverage and insurance applications can be complex. Answering a question incorrectly could result in paying more in premiums than necessary or finding that a claim is denied when you need it most. The team at Cyber One Solutions can explain policy details, help you prepare your application, and identify security improvements that can reduce your risk and your costs. Contact us today to schedule a consultation.