The ransomware crisis has started to overwhelm the cyber insurance industry, prompting many providers to increase prices, limit coverages and be more selective of the clients they take on.
Two in five businesses report having experienced cyber security breaches or attacks in the last 12 months. Although most senior managers have expressed cyber security as one of their top priorities in the workplace, only half of them have taken steps to protect themselves from risks, according to the government’s Cyber Security Breaches Survey 2021.
In the UK alone, cyberattacks cost companies an average of £8,460 in early 2021 – a large margin from the few hundred pounds that insurance policies would bill.
Lori Bailey, chief insurance officer at Corvus Insurance, identified two factors that are beginning to strain the industry: an increase in claim frequency and an increase in the value of claims.
This is likely due to the global proliferation of ransomware in recent months, exacerbated by the lack of malware protection as workers abruptly transitioned online with the pandemic in the picture. To make the situation worse, cybercriminals demanded a total of $5.33 million for an average ransom – up a whopping 518% from 2020, Palo Alto Networks reported.
“Carriers, and more specifically reinsurers, really struggle with this dynamic in the market,” Bailey told Tech Monitor.
As a result, insurers are left with no choice but to increase prices and limit coverages as the number and value of claims is quickly outpacing premiums – but it doesn’t stop there. They can also demand evidence of cybersecurity defences in place before taking on a new client.
“They don’t have enough money for everyone,” Andrea Rebora, cybersecurity associate at PricewaterhouseCooprs, told Tech Monitor. “The amount of money necessary to cover the potential clients is too great. It’s an absurd amount of money.”
“They want to see everything to the detail of what a client is doing to protect their networks or train their employees, to see if they have an incident response plan and so on,” Rebora added. “They need to make sure that the client is worthy of their services.”
This could spell danger for companies that fail to acquire insurance policies, as they could collapse from a single cyberattack. Darren Thomson, head of cyber security strategy at CyberCube, anticipated the same outcome, saying that the cyber insurance industry will be in full force this year.
“This year will certainly be an active one for cyber security and the insurance industry…New thresholds of acceptable tolerances will be tested at the nation state level. This will certainly lead to collateral damage that will impact business,” Thomson said. “The big question is: how can a company grapple with a complex threat landscape and maintain profitability amid what is a hardening market for cyber insurance?”