INDUSTRY WATCH
CYBER INSURANCE PROVIDERS ARE BECOMING MORE RESPONSIVE TO SPECIFIC CYBERSECURITY THREATS .
It used to be relatively easy for companies to secure cyber insurance . Indeed , many insurers leveraged cash-flow underwriting on cyber policies in order to pad out their books with premiums and , as a result , brokers were generally able to secure blanket cyber coverage for their clients at a good price .
However , with arguments over whether this insurance model was ever going to be sustainable in the long-term aside , evolving cyberthreats are testing organizations ’ resiliency .
In response , cyber insurance providers are becoming more versed in and responsive to specific cybersecurity threats , triggering shifts in insurance trends . In particular , the current ransomware threat landscape means not only is the cyber insurance bubble set to burst , the whole system is at risk of destabilising entirely .
The threat of ransomware attacks is escalating in terms of both volume and monetary value . When REvil operators exploited a bug in the Kaseya VSA software back in July , the criminals requested US $ 50 million for the universal decryption key . To put this into context , one estimation of all the ransomware extortion payments for 2020 was totalled at US $ 350 million .
One contributing trend here is that the pandemic has forced many organizations to move to the cloud sooner than anticipated to enable their rapidly growing remote workforce , dramatically increasing the vulnerability of many of them to cybercrime .
Cyber insurance bubble about to burst ?
While the need for cyber insurance has never been clearer , faced with the increased demands of ransomware victims , insurers aren ’ t as ready to provide it . Cyber insurance is a relatively new facet of the insurance industry and it seems it was only intended by insurers as being for unforeseen , unlikely and novel catastrophic events .
But as the industry ’ s loss ratio rose for the third straight year in 2020 , climbing more than 25 percentage points year over year to 72.8 %, and ransomware events jumped 93 % in the first half of 2021 , something clearly has to change . Ransomware is neither unlikely or novel any longer , but rather has become a commoditized threat .
An intensified underwriting process is making life difficult
Unsustainable loss ratios have inevitably led carriers to intensify the underwriting process for cyber insurance . On the face of it , they are increasing premiums for less coverage and higher deductibles .
Looking at the process in more detail , carriers are also becoming much more vigilant about the controls that need to be in place in order to sell cover , while brokers are also reporting that all insurance markets are asking for higher security standards . Insurers are asking more questions about organizations ’ cyberrisk posture and adding more exclusions .
While there are no signs of insured companies wanting to drop coverage , if carriers don ’ t like anything they find during the underwriting process , apart from increasing premiums or cutting limits , they are becoming increasingly likely to simply walk away .
To make things even harder for organizations seeking coverage , insurance companies have realized they also need to diversify . Companies exist in a cyber ecosystem and attacks on one company can have a huge knock-on effect .
For example , a single ransomware attack on a third-party provider could be catastrophic ; carriers who insured many companies using the SolarWinds
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 73