3 Cyber Insurance Factors to Consider in a Post-Pandemic World
The rise of cyber insurance directly written premiums (DWP) accelerated in 2020 and is expected to continue through 2021. According to data collected from cyber insurance additional disclosures in statutory financial statements, Fitch predicts that industry DWP for cyber coverage in solo and package policies would rise by over 22% to about $2.7 billion in 2020.
Written premiums for standalone internet coverage rose by 29% year over year, indicating increasing demand for specialized cyber protection and insurers’ interest in minimizing coverage uncertainty concerning cyber risks contained in package policies. The request is being pushed by businesses of all sizes’ increasing demand for risk analysis expertise and insurance cover due to the surge in network breaches, data theft, and ransomware events over the past two years.
The financial repercussions have been severe. Ransoms have skyrocketed from five-figure sums to millions, including a claimed $10 million payment by Garmin. Ransom money was much higher before being bargained down, according to my international clients.
Faced with the possibility of significant financial loss due to an attack, C-suites worldwide have resorted to cyber insurance. Insurers are providing more insurance and increasing the amount of protection offered. According to statistics exclusive to the team I manage, the global insurance industry will see the first — and second — cyber insurance program with a value of more than $1 billion in 2020.
The changing business world
The years of rapid development in cyber insurance were insufficient to create a solid understanding of how much security businesses should purchase. Indeed, the majority lack adequate cyber insurance or none at all. According to internal research done by PCS, companies having at least $400 million in insurance companies accounted for slightly more than 20% of the estimated $57 billion in worldwide cyber insurance premium — or approximately $1.35 billion in compensation.
With about 250 businesses purchasing at least $300 million in coverage, it would take just five insured losses totaling somewhat more than that much to wipe out an entire year’s premium. That is just 2% of the market’s businesses purchasing that much coverage. That kind of damage would very certainly take decades for insurance to recoup.
When faced with an increasingly difficult market, companies with risk management and cybersecurity strategy that has been implemented and is well-received will find a better reception for their products in the market. There is a widening disparity between top performers and underperformers. The increased use of data on the best methods of cyber hygiene by underwriters means they are much more careful about how they make their risk selections. Businesses with strong cybersecurity are given special rewards, such as cybersecurity signals, to evaluate their cyber maturity better.
Short-Term Enterprise Security Plans
Businesses looking to purchase cyber insurance face a fairly stressful region shaped by low protection costs and insurers taking on a high level of risk. That is the kind of calculation that results in the cutbacks in an allotted capacity that we are now seeing. However, the underlying problem will persist and evolve, and businesses will need to manage those threats, including securing insurance coverage. Due to the immediate and frequent cyber danger and the industry’s lack of expertise — recall, the sector is still in its infancy — there is no simple solution to repair the market.
One of the most significant impediments to resolving the cyber insurance industry’s structural issues is insurers’ excessive reliance on reinsurance. Reinsurance — another term for insurance for insurers — enables insurers to transfer risk to another source of capital. Similar to how you would contact your insurer in the event of a claim, underwriters may seek assistance from reinsurers. Additionally, insurers surrender about 50% of the premiums they earn to the tangible cost in the event of cyber. As a result, they do not retain as much danger as you would believe.
Overcoming Security Challenges
In the insurance business, improper pricing may result in losses that carriers cannot pay, resulting in bankruptcy. When estimating the costs and risks of cyberattacks and setting policy pricing, cyber insurance companies confront various difficulties.
To begin, insurance firms depend on data to predict risks and set policy premiums. However, since the cyber insurance industry is still in its infancy, there is a scarcity of data. Insurers struggle to generate reliable insurance cost estimates in the absence of adequate data. As a consequence, existing cyber insurance premiums may not properly represent the risk assumed by insurers or the possible damages covered.
Additionally, cyber threats are continuously changing, which implies that the risks faced by businesses must change as well. This complicates the insurance market’s ability to keep up with cyber risk developments and insurers’ ability to underwrite digital policies.
Thirty years of human history have shown that cyber risk is hard to decipher, difficult to hedge, likely to increase, and defined by an ever-changing threat environment. Tomorrow’s cyberattacks may appear quite different from today’s — as demonstrated by 2020’s ransomware outbreak compared to the breaches of 2015 to 2017. To react to this unique danger, insurers must develop a level of confidence with committing capital to the sector, which will fluctuate over time until the industry’s body of knowledge matures enough to regard cyber as mature classes of business. Until then, companies must make protective investments while collaborating with their underwriters to expand the kinds and quantities of insurance available. As a buyer, nothing beats having a game plan.
North America led the global cyber healthcare market in 2018 and is projected to continue to do so throughout the forecast period. The main drivers driving the market in this area include the increasing prevalence of malware attacks such as Wannacry and NotPetya in the United States, which have raised awareness about the critical nature of cyber insurance. Additionally, the nation implemented the Guidelines (GDPR) in May 2018, expediting the establishment of stringent legal frameworks for data protection via the use of cyber insurance.