A number of factors are converging to drive up demand for cyber insurance. A heightened awareness of cyber risks, driven by the increased regularity and severity of major breaches, is playing a central role in spurring a new level of interest among organizations of all size.
The Marriot breach is one such example of a high profile hack that scares businesses into action. In late November it was revealed by the hotel operator that the personal information of approximately 500 million guests had been compromised by a security breach in the firm’s Starwood reservations database.
But the catastrophic losses experienced by a selection of corporate giants are, alone, not enough to drive the current level of demand. Better educated insurance agents and brokers, and reduced cyber rates, have also been pivotal for higher adoption rates, explains Jeremy Barnett, senior vice president of marketing at NAS Insurance.
“Insurance agents and brokers have committed to the cyber insurance product; committed to understanding it more deeply and how to sell it,” Barnett says. “Price points have also come down to a place where many more companies are encouraged to buy a policy. Many felt like it was a little too expensive before.”
“For example, an investment firm that was quoted $4,000 or $5,000 for a policy two years ago, would be able to get a similar policy for around $1,500 this year. That potential client was much more apt to buy, more tuned into the risk and their broker was able to position and sell it more effectively. The price point also made it more attractive and worthwhile to cover the risk.”
Although demand is driving prices down, costs aren’t necessarily dropping for insurance companies. Emboldened by successful ransomware attackers, hackers are beginning to demand higher payouts. In previous years, a four or five figure ransomware demand would be commonplace, but in 2019 hackers are regularly demanding payments in the six figures.
“Expenses are also up significantly on the claims side for things like breach coaches, legal expenses, IT forensic expenses, and customer notification expenses,” Barnett says. “When there is a claim, responding to it is costly, so there is a need to make sure the premium base is keeping up with the cost of those claims.”
Despite the rising costs, partnering with leading IT forensics firms has been a top priority for NAS in recent years. It’s a field that is continuing to evolve and mature, and NAS is constantly evaluating the service providers it works with. The skillset needed to mitigate risk - and minimize the damage after an attack - is changing. It’s a fast moving space and having the right expertise in place is crucial.
“It’s great for that part of the industry to be growing up and maturing, it means we feel confident in who we are putting on to a breach,” Barnett says. “The other valuable piece is that customer education and awareness is growing. More policyholders are working on their preparedness. The resources they need to do that are better and more available, and we are seeing more organizations take advantage of them which is an important step forward.”