Insurance Business America released a whitepaper on the state of cyber insurance seen through the lens of the prevailing cyber threats of 2020, and how insurers, brokers, and their clients can take advantage of the growing cyber market to achieve maximum productivity in 2021.
The whitepaper experts included Cyberscout Chief Marketing Officer Jeremy Barnett, Resilience Insurance Executive Vice President and Global Chief Underwriting Officer Emy R. Donavan, CFC Underwriting Executive Vice President Shannon Groeber, and Cowbell Cyber CEO and Founder Jack Kudale.
“Cyber Insurance Report 2020” provided a 10,000-foot view. Areas covered include the ever increasing average cost of a cyber incident, a trend all the experts agreed will continue in 2021. The causes are familiar ones, including phishing, malware, ransomware, weak password security and insider threats. Disruptions caused by Covid-19 were also a dominant theme for all of the experts, with an increase in pandemic-themed hacking and an increase in vulnerability due to a newly remote workforce fueling an increase in both cyber incidents and the cost of coverage.
One of the big takeaways for Cyberscout’s CMO, Jeremy Barnett was the key role brokers play in the cyber insurance marketplace. “Brokers are key to helping small businesses get proactive about managing their cyber risk,” Barnett said in the IBA whitepaper, highlighting a new trend: Brokers at the vanguard of a cybersecurity sea change.
The whitepaper focused on cyber insurance rate, and all of the experts agreed that the pricing is going to increase. Other takeaways:
Cyber insurance is a growth area. The downside numbers are sobering in the wake of a cyber event. The global average cost of a data breach in 2020 was $3.86 million with the U.S. being home to the highest average cost at $8.64 million. The highest industry average cost of a data breach was in healthcare, tipping in at $7.13 million. Without cyber, compromises can be an extinction level event.
“We look at the cyber insurance market on a global scale and see demand continuing to grow across all sectors,” said Barnett.
Hackers have switched gears from PCI-based attacks to ransomware. Increasingly the trend lines point to companies and organizations of all sizes and descriptions being targeted directly by ransomware attacks and less by payment card industry focused exploits.
“Once risk managers, cybersecurity experts and insurers got to grips with the PCI data breach dilemma, hackers changed their course and started plaguing businesses with ransomware,” wrote Bethan Moorcraft of Insurance Business of America.
“Unfortunately, it [ransomware] has reached epidemic status – comprising up to 40% of cyber insurance claims,” said Donavan when asked about the most common causes of cyber claims.
The Covid-19 Effect Is Real. The pandemic touched off a spike in cyber attacks with remote work creating myriad vulnerabilities with increased cyber insurance rates forecasted as a response to the increase in frequency and severity of cyber incidents.
“COVID has made the threat landscape significantly more dangerous in 2020 – and expensive,” said Barnett. “The U.S. Department of Labor estimates $26 billion in unemployment fraud….As of May 2020, the FBI Internet Crime Complaint Center received as many complaints as they had in the entire 2019 calendar year.”
Cloudy with a chance of compromise. Compromised credentials and cloud misconfigurations are tied for second place in causes of data breaches and are expected to be major motivators for companies to adopt cyber policies. Cyber is increasingly a necessary back-up plan.
Don’t Underestimate the Curative Effect of Regulations. California’s cyber regulations, the CCPA, went into effect in the wake of the EU’s powerful GDPR but both were drowned out by the global spread of Covid-19. They will help companies and organizations of every description navigate the threat landscape.
“While we’re not yet seeing much claims activity, we are seeing new ways that insurers are helping their clients become prepared and compliant,” said Barnett.
Go Cyber, Young Market Sector. The market for cyber insurance will be extremely active this year with a tremendous amount of growth potential. perhaps the largest sector being SMB, as the percentage of covered ones being small and medium sized enterprises.
Jeremy Barnett pointed to a recent Cyberscout research study, which found that more than 69% of small businesses do not have cyber liability coverage. “Carriers, reinsurers, brokers and consultants should not only see the economic opportunity of catering to the SMB market, but also an obligation to protect them.” Barnett added, “Cyber insurers also need to start to evolve their personal lines products to include cyber coverage and services.”
The experts agreed that education was an indispensable element to cyber insurance and the prevention of cyber incidents. Remote workforces are encouraged to maintain close and regular contact with employers, keep current with software updates and patches for vulnerabilities, connect to their work networks via VPN, and to be on the lookout for phishing emails, especially those exploiting the Covid-19 pandemic. But there is no strategy that can fill the void of a company operating without cyber insurance in this new and dynamic threat landscape, which suggest a very strong year for cyber policies.