The burgeoning cyber insurance industry is stuck in a bad place.
A painful 2021 – high claim numbers, caused mostly by ransomware – forced insurance providers to re-evaluate how they insure businesses against cyberattack. Now it's harder to get cyber insurance, regardless of the size of your company.
At the same time, cyber insurance grows more important by the day. It's valuable as a last resort if cyberattacks do hit, and backups don't save your data. This creates a quagmire for cyber insurance companies and businesses alike.
Which is why now, at the beginning of the year, is the best time to talk about cyber insurance. This WOOF will show you what's happening, what to expect from cyber insurance in 2022, and conclude with how you can successfully apply for cyber insurance.
How Cyber Insurance Works
Much like regular insurance, cyber insurance provides coverage in case of cyberattacks. A cyber insurance provider pays out claims for:
- Ransomware attacks (the vast majority of claims)
- Data theft from external or insider threats
- Business email compromise—breaking into low-security email accounts to steal data & access credentials
Some existing insurance companies added cyber insurance to their portfolios in the past 10 years. We also saw new companies dedicated to cyber insurance appear over the same period.
What's Happening in the Cybersecurity World
It's no secret that the past 2 years have seen an explosion of cyberattacks. Ransomware captured all the headlines, along with staggering payouts:
- $40 million by an insurance company in March 2021
- Untold billions lost & entire industries crippled by the Colonial Pipeline attack in May 2021
- And thousands more attacks on everything from major corporations to small businesses.
- According to the Washington Post, claims on cyber insurance for ransomware alone went up 300% in 2021!
Ransomware is not the only problem, though. Cyberattacks come in two other categories, each with its own headaches & painful costs.
- FTF (Fund Transfer Fraud) – Think phishing campaigns. The average funds lost to this claim type came to over $300,000 in 2021…an increase of 179% over 2020's losses!
- BEC (Business Email Compromise) – Breaking into email accounts, to enable other types of cyberattacks or steal data. Gift card scams, BYOD infections, and a hundred others.
The load has strained cyber insurance companies for the past 2 years…and more is coming. A 2021 report from a dedicated cyber insurance company, Coalition, illustrated just how hard they've been hit.
The report documented claims filed by their customers. Each claim represented a cyberattack against the customer's operations. In other words, they got hit, suffered damage to their operations/data/both, and had to file an insurance claim to rescue their
The result? Costs have skyrocketed:
- Cyber insurance claims from small and midsize businesses (250 employees or fewer) rose 57% in 2021
- The average ransom demand made to covered businesses in the first half of 2021 was $1.2 million. That is a 170% increase from the average demand in the first half of 2020.
- From the first half of 2020 through the first half of 2021, claims frequency increased 30% for nonprofits, 46% for IT, 53% for professional services, 99% for materials, and 263% for industrial!
As a (sour) cherry on top, cybercriminals have figured out that companies rely on their cyber insurance to make them whole...so the cybercriminals started hacking the cyber insurance companies.
How Cyber Insurance Companies Have Responded
Cyber insurance companies have had to make severe changes to their coverage limits, premiums, and application procedures. These will affect 2022's rates across all industries.
Don't take it from us—take it from the companies themselves. We asked Kyle Schaller, a commercial insurance broker for USI Insurance, for his insight on the cyber insurance industry.
The main points from his response:
- Cyber insurance companies have shown no signs of expanding coverage in the coming years.
- Cyber-related losses continue to mount, in time cost and claims amounts.
- Gaining cyber insurance coverage will be harder than in the past. Businesses will face more stringent network security requirements.
- Cyber insurance premiums will rise across the board.
Let's go into the reasons behind all these.
How does the current cyber insurance market look [from Kyle's perspective]?
"Historically hard, with specific cyber hygiene and practices required to secure coverage. As cyber-related losses increase, we’re seeing some cyber insurers discontinue writing cyber altogether or offering highly restrictive terms, including additional exclusions, lower limits, and higher premiums."
Why will businesses have a harder time getting cyber insurance coverage?
Because they must increase their cybersecurity protections, to stave off cyberattacks. Required practices may include:
- Multifactor Authentication (MFA)
- Endpoint Detection and Response (EDR)
- Continuous network monitoring
- Implementing hardware and software firewalls
- Regular network vulnerability testing
"We expect the cyber insurance market to remain historically hard, especially through the first half of 2022. Premiums are expected to increase, the security protections needed for an optimal risk profile will expand, while policy limits decrease."
How much will premiums rise?
"On average, an organization with optimal ransomware controls and no losses can expect a 75-100% premium increase at their next renewal. With losses and/or suboptimal controls, we’re seeing 200% or more increases if coverage is available."
Essentially, cyber insurance companies must become active participants in their clients' cybersecurity, just to keep offering coverage.
If PlanetMagpie were to make one suggestion to all cyber insurance companies, it would be: Require customers to undertake employee cybersecurity training annually. This tactic alone can fortify every layer of the business against cyberattack, for very low cost.
Considering Cyber Insurance? Act Now, Before it Gets More Expensive
Given Kyle's insights, if you're interested in getting or renewing cyber insurance, now is the time!
What should you do before applying for cyber insurance? Here's what Kyle recommends:
- Work with an experienced broker. They'll know what you should have in terms of cybersecurity, what types of coverage are available, and how to go through the underwriting process efficiently.
- If you were declined coverage in the past, understand why, and correct it before re-applying. This often happens when your business doesn't have the necessary security controls in place, such as Endpoint Protection or network monitoring.
- Document everything! All cybersecurity protections you have in place, any cyberattacks or attempts, etc.
- Get professional help answering the cyber insurance questionnaires. Your IT department or consultant can help here. The questionnaire itself gives you insight into what the insurance company wants to see, in terms of network security. Some items you can implement quickly and at low cost, which gives you a “yes” on the questionnaire, improving your chances of coverage.
Start 2022 off right—take steps to protect your network. Contact us at firstname.lastname@example.org to schedule a network security check.