Cyber claims increase as Gallagher Re warns of complex settlement challenges

Survey notes longer claim settlements for large firms amid rising risks

Cyber claims increase as Gallagher Re warns of complex settlement challenges

Reinsurance

By Kenneth Araullo

Gallagher Re has released insights from its second Cyber Loss Trend Survey, providing an analysis of the evolving cyber risk landscape and how insurers are responding.

The survey addresses key questions around ransom payments, factors influencing claims frequency, and the possible future trajectory of various cyber incidents. As cyber threats become more sophisticated, Gallagher Re highlights the ongoing challenges insurers face in adapting policy wordings and underwriting approaches, even as improvements in cyber hygiene are slowly reflected in claims data.

According to Gallagher Re, while cyber insurance rates have seen consistent declines over the past year, there are concerns that this trend may weaken the performance of re/insurers if the threat landscape remains stable or worsens.

Over the past 12 months, Gallagher Re found that 59% of survey participants observed an increase in claims frequency, with 24% noting a decrease and 17% seeing no change. For severity, 71% reported an increase, while 12% saw a decrease and 17% observed no change.

Most insurers are outsourcing their incident response capabilities, and over half now notify insured parties about critical vulnerabilities or ongoing cyber incidents. Additionally, Gallagher Re notes that the majority of insurers are classifying claims based on high-level categories, such as malware, data breach, and network incidents.

Gallagher Re's findings indicate that cyber claims are taking longer to settle, particularly for larger companies, due to increased complexity and the potential for class action litigation in the United States. This extended settlement timeline has become a primary concern for insurers, impacting how they manage risk and allocate resources.

Looking ahead, Gallagher Re’s survey suggests that double extortion attacks are expected to increase throughout 2024, while traditional ransomware attacks may see a decline. Data-related incidents, such as business email compromise (BEC) and fund transfer fraud (FTF), are anticipated to grow over the next year.

For network and provider-related incidents, most participants expect continued incidents involving third-party infrastructure and increased scrutiny on non-malicious service provider events, following recent high-profile cases like the CrowdStrike incident.

Gallagher Re also highlights the ongoing vulnerabilities faced by small and medium-sized enterprises (SMEs), which generally have lower frequency claims due to a smaller attack surface but may experience proportionally greater impact from successful attacks due to limited cyber defenses.

Despite these challenges, lower revenue and dollar limits for SMEs tend to reduce the overall impact on business interruption (BI) and total losses.

Concerns in coverage

The report identifies three primary themes shaping the cyber insurance market: ransomware trends, wrongful data collection, and artificial intelligence risks. Gallagher Re notes that ransomware attacks, especially targeting smaller businesses, continue to evolve, with a decline in ransom payments as organizations increasingly resist paying.

However, some entities still choose to pay ransoms to minimize business interruption or reputational damage. In the future, law enforcement actions and regulatory measures may further restrict ransom payments, impacting ransomware's profitability.

For wrongful data collection claims, coverage trends have become stricter in response to heightened awareness of privacy risks. As the market softens, Gallagher Re suggests that exclusions related to wrongful data collection may be applied less frequently to retain business.

In the area of artificial intelligence, participants in Gallagher Re’s survey expressed concerns about AI-related vulnerabilities, including data poisoning and exploitation risks.

While the role of AI in cyber defense and attacks remains uncertain, the survey emphasizes the importance of diligence in implementing AI tools to minimize risks without assuming that either attackers or defenders hold a significant advantage through AI use.

What are your thoughts on this story? Please feel free to share your comments below.

Keep up with the latest news and events

Join our mailing list, it’s free!