Driven by an uptick in cyberattacks, 2021 marked yet another difficult year for the cyber insurance marketplace. Businesses witnessed a 50% increase in attacks on a weekly basis in 2021 compared to 2020, and according to IBM’s Cost of a Data Breach Report 2021, the average total cost of a data breach increased to $4.24 million.
Of these cyberattacks, phishing accounted for about 90% of reported security incidents. Unfortunately, phishing often goes hand in hand with ransomware attacks. In the United States, there was a 127% increase in ransomware attacks, with the United States Treasury Department reporting that the average ransomware transaction per month in 2021 was $102.3 million.
And cyberattacks are showing no signs of slowing down in 2022. The Russia-Ukraine conflict is a concern for American government officials who fear that the United States will see an even greater uptick in Russian state-sponsored cyberattacks on its businesses and infrastructure as a response to the United States imposing severe sanctions on Russia in support of Ukraine.
With the frequency, sophistication, and severity of cyberattacks growing every year, more businesses are turning to cyber insurance for financial protection from malicious actors. This means that an already strained cyber insurance market is bracing itself for yet another difficult year. Though cyber insurance is becoming a must-have coverage for businesses, growing demand paired with a surge in attacks means that carriers have less appetite for cyber risk.
As of January 1, 2022, the cyber insurance loss ratio (insured losses divided by premium) for 2021 could go as high as 80%, and this is before accounting for all 2021 losses. Because of market conditions, in 2022, policyholders can expect to see 15% to 50% in rate increases, coverage restrictions, and exclusions for specific cyber events.
Policyholders can also expect to undergo an even more rigorous underwriting process. Insurers have become extremely particular with their risk selection, which means that policyholders need to be able to answer more questions and provide documentation about their cyber security programs.
In 2022, carriers will be taking a closer look at these key areas during the renewal process:
- Vendors’ Cybersecurity Posture: Though many organizations have now adopted the use of multifactor authentication to protect their virtual systems, in 2022 carriers are beginning to look at third-party vendors and their security posture. More often, policyholders are having to show that they and their vendors have the appropriate cybersecurity measures in place to reduce the possibility of a loss. This is especially important in situations where a third-party vendor handles sensitive information.
- Incident Response Plans: Carriers want to know what an organization’s incident response plan looks like. In the unfortunate event of a cybersecurity breach, having a response plan in place shows the insurer that potential losses will be easier to remediate and cost them less money. Policyholders who did experience a breach and are up for renewal need to be able to walk the carrier through their remediation process and prove that they were able to rectify the situation.
- Employee Cybersecurity Education: Considering how 88% of data breach incidents are caused by human error, it’s no wonder carriers want to see policyholders have employees regularly undergo cybersecurity training. Cybersecurity training should teach employees how to identify popular attack types and stimulate attacks so that employees don’t fall for malicious actors’ tricks.
Policyholders who are unable to prove that they have the right cybersecurity measures in place or who have experienced cyber events may find it difficult to find coverage. Partnering with an experienced broker that can help implement a cybersecurity strategy to better position a business’ risk profile to underwriters is crucial to helping you secure the right coverage.
Connect with us today to learn how we can give you the right tools and information to help improve your cyber risk.
