Direct premiums written in the cyber liability insurance market continued to grow in 2021-2022, seeing a 75% increase, far outpacing that of the overall property/casualty insurance industry.
As we look back cyber insurance marketplace, we see all the hallmarks of a hardening market, with no signs of relief as we move into 2022. We are in a place and time where difficult questions are being asked about systemic cyber risk, cyber underwriting practices and where hackers may hit next.
According to an A.M. Best report, there has been a 16% increase in claims and just a modest reduction in the loss ratio, despite significant rate hikes. These figures highlight the challenges the segment still faces.
The Report “US Cyber: Hardest of the Property/Casualty Markets”, notes that some of the cyber growth is being driven by the overall hardening of commercial insurance prices owing to inflation fears and a general weakening of the investment market.
The pandemic also brought to the fore the change in work environments and a greater need for cyber protection. The growth in cryptocurrency, the immediacy of payments, and the lack of buyers for stolen data also make ransomware much more attractive for a criminal enterprise, increasing the need for coverage.
Standalone cyber direct premium grew by 95% in 2021, increasing to the point that it exceeded all 2020 cyber premium combined.
Through 2018, the majority of cyber-related claims were on packaged policies. However, according to the report, claims on standalone policies are now the majority – and growing. Standalone policies are more often subject to claims, given that more-sophisticated clients with more data and financial resources typically purchase these policies.
Debates between brokers and underwriters rage on exactly what cyber insurance policies should cover and to what extent an insured’s cyber risk management maturity requirements need to adapt to the 2022 threat landscape. Capacity questions have not been settled, and exactly how much will be available in the U.S. and global cyber markets in 2022 remains an open question.
Despite the ongoing growth in cyber claims in 2022, cyber insurers’ underwriting performance still improved, as evidenced by an estimated combined ratio of 91.8 in 2022, although the estimated combined ratio on standalone policies was worse at 98.8.
The positive underwriting results were due largely to strong rate increases, which exceeded on average 25% in each quarter of 2021.
With cyber-attacks becoming more complex, AM Best expects the cyber market to remain hard for some time. The hardening market and a lack of capacity also has made captives an attractive risk management option for corporations.
Cybercrime generated significant headlines throughout 2022. These attacks underscore the urgency of addressing cyber threats, which require brokers, underwriters, managing general agents and customers to work together, along with some legislative and regulatory involvement. The rising frequency and severity of ransomware attacks suggest that insurers need to be more proactive.
Organizations that keep any type of personal information in databases
Almost every business – large or small, publicly traded or non-profit, academic or government agency – has some level of risk for cyberattack.
However, those organizations that keep any type of personal information in their databases are especially vulnerable, including:
- Financial institutions, like banks and credit unions
- Accounting offices
- Insurance agencies
- Law firms
- Medical offices
- Dental offices
- Schools and universities
- Large retailers, like supermarkets
- Businesses with lots of online transactions and/or credit card activity
- And many more
These types of businesses commonly retain detailed records – about their employees, clients, and vendors – that contain data that no one wants to fall into the wrong hands, including credit card information, social security numbers, patient histories, driver’s license numbers, and financial records.
However, whether or not your business falls into the categories above, you should act to reduce threats, minimize risk and protect your company against the most common cyber threats. On any given day, as you and your team go about business as usual, there are nefarious people, hackers and black hats, that are trying all sorts of sneaky ways to direct an attack at your company’s systems and grab your critical data.
What Does Cyber Insurance Cost?
The price of cyber insurance will vary wildly depending on the size of your company, the insurance provider you go for and what you want your policy to cover. Because of this, it’s hard to predict exactly what an individual policy costs, but we can look at some averages.
Cyber insurance for private individuals generally costs between $25 and $100 per month. Most private individuals have no need for cyber insurance though, as regular theft or homeowners insurance will often cover the aspects that are most useful to personal users.
Businesses, on the other hand, can expect to pay anywhere between $500 and $5,000 per year for cyber insurance. As mentioned, there are numerous factors that decide where in that price range you end up, and the largest companies likely pay far more than this.
Should You Get Cyber Insurance?
Unless you’re handling some very sensitive data or have a particular reason to believe you’re at risk of attack, you probably don’t need cyber insurance as a private individual.
If you’re worried about the fallout of potential cyber attacks or data breaches affecting you, a better option might be finding a home or theft insurance package that includes some coverage for these types of events.
For many businesses though, cyber insurance is an absolute necessity. Cyber security statistics show that attacks and breaches are on the rise in recent years, and businesses both large and small are routinely targeted by cyber attacks.
This can take the shape of ransomware, where your systems and infrastructure is shut down until you pay the hackers a fee, or a more traditional hack aimed at creating a data breach or stealing confidential information.
With a 600% increase in cybercrime since the start of the COVID-19 pandemic, it’s clear that this has become a common enough problem that it should be considered alongside other “analog” threats like break-ins, fires and the like.