Attacker sophistication and evolved technology continue to elevate the frequency and severity of cyber incidents. This has influenced a continued increase in cyber insurance claims and subsequent underwriting losses. Policyholders experienced higher cyber insurance rates in 2022 amid these market conditions. Some insureds with unique digital exposures or poor loss control measures were hit with 50 to 100% rate increases. Policyholders have also experienced coverage restrictions, underwriting scrutiny of cybersecurity practices and exclusions for certain cyber incidents (e.g., cyber warfare, ransomware). Looking into 2023, industry experts anticipate difficult market conditions along with new segment entrants will create an increasingly volatile and unpredictable cyber insurance space.
Cyber Liability Developments & Trends to Watch
Alarming Rise in Nation-State & Supply Chain Threats
As the Russia-Ukraine war continues to influence global cyberwarfare, nation-state cyberattacks remain a major concern. Organizations have been forced to address supply chain vulnerabilities as nation-state attacks often arise from third-party exposures.
Constricting Underwriting Standards
Cyber insurance carriers continue to adjust their underwriting practices to offset the risk of costly payouts. Specifically, the heightened severity of cyber incidents has prompted carriers to be more discriminatory of the organizations they will insure and coverable losses.
Evolving Regulation Landscape
Businesses are being held more accountable for cybersecurity weaknesses. The federal government and numerous states have implemented and enforced stricter data privacy and breach notification laws. In 2021, Virginia and Colorado introduced tightened legislation that emulates the California Consumer Privacy Act and Europe’s General Data Protection Regulation. Additionally, states such as Connecticut, Nevada, Texas and Mississippi established personally identifiable information (PII) laws that widened the definition and increased exposure penalties. Businesses must prioritize compliance as these laws are expected to continue to evolve during 2023.
New Year, New Ransomware Concerns
Ransomware attacks entail cybercriminals that compromise a device or server and demand a large payment before they restore the technology and stored data. While organizations of all sizes and industries are impacted, small- and medium-sized establishments are most vulnerable. These attacks often carry costly losses for substantial payment demands and recovery efforts. International software company Acronis’s latest Cyberthreat Report predicts that global ransomware damages will exceed $30 billion in 2023. As cybercriminals grow more sophisticated, your company should expect additional attack methods and extortion methods.
Malicious Business Email Compromise (BEC) Risks
A business email compromise (BEC) scam entails a cybercriminal who impersonates a legitimate source (e.g., senior-level employee, supplier, vendor, business partner) through email. A major threat to businesses across all industry lines, these scams are among the most expensive forms of social engineering losses. According to the Federal Bureau of Investigation (FBI), BEC scams have increased by 39% since 2020, contributed to $2.4 billion in annual losses across the U.S. and cost an average of $120,000 per incident.
Tips for Cyber Insurance Buyers
- Partner with your broker to understand available cyber coverages and secure a policy that suits your unique needs.
- Strengthen your cybersecurity measures with loss control services provided by insurance carriers.
- Conduct routine employee training to prevent cybercrime from affecting your operations. Educate employees about the latest cyber threats and preventive tactics.
- Consider implementing cybersecurity controls, such as multifactor authentication (MFA), endpoint detection and response (EDR) solutions, network segregation and segmentation, remote desk protocol (RDP) safeguards, end-of-life (EOL) software management and email authentication technology.
We’re Here to Help Prevent Cyber Exposures
Experts predict a 25 to 100% increase in cyber insurance premiums in 2023. Fortunately, you’re not in this alone. We’re here to help you understand the current cybersecurity market and implement risk management strategies to protect your organization. If you have more questions about your cybersecurity insurance coverage or the status of the market, connect with a member of our team.