What is happening in the US cyber insurance market?
What is happening in the US cyber insurance market?
The risks associated with cyber-attacks are real, ever present, and can be catastrophic to businesses, not just here in the UK but Worldwide. For example a perfect storm is now brewing in the US cyber insurance market as claims have doubled, rates increased and insurers are closing gaps and scaling back products, all while the demand for competitive cover and higher limits outstrips supply.
Why is this happening?
Reports by industry experts such as Axis, Beazley, Coalition, Marsh and Gallagher all highlight consistent themes, the most prevalent being the number of claims being paid due to ransomware attacks. Traditionally ransomware attacks use malicious software (malware) to perpetually block access to a victim’s information or computer systems unless a ransom is paid.
The average downtime following a ransomware attack has increased year on year from 19 days to 22 days. In addition, more sophisticated versions now look to extrapolate data and, unless a ransom is paid, release sensitive data to the public. This then becomes a data breach as well as a cyber-attack.
Attackers also look to exploit vulnerabilities, for example, cloud-based services that act as a single point of failure or managed security service providers (MSSPs). These providers act as outsourced IT vendor meaning hackers can impact all the MSSP’s clients, which could be thousands, in one efficient cyber-attack.
At the same time, we’re seeing GDPR fines going up, and regulation in the US increasing on how firms handle their data and remain compliant.
The above sequence of event have led underwriters to look at how they manage systemic risks, common dependencies, close gaps in their products, as well as manage their capacity on a global scale.
What does this mean for customers?
The demand for adequate cover is still strong as businesses in the US take the threat of cyber-crime seriously and the products themselves deliver value. However, due to the number of claims being paid, insurers are looking to avoid specific industries altogether, exclude cover for ransomware and ensure businesses have robust cyber security controls in place.
Marsh highlighted 12 key factors from its claims data, that are key to mitigating risk, resilience and insurability. Depending on size and scope of firm will determine if all 12 need to be implemented for maximum impact.
However, it’s worth noting that these are minimum standards and that you can never 100% mitigate the risk of the evolving threat of a cyber-attack. As such, implementing these standards will increase business resilience making them much harder to attack without adversely impacting premiums. Instead, the advantage of implementing these controls is making the overall business safer and, as a result, more insurable.
How is this affecting the UK market?
As insurers manage capacity on a global scale, we’re seeing the impact of what’s happening in the US filter into the UK market, affecting prices and policy coverage.
Earlier this month, the British company KP Snacks, which includes brands such as Skips, Nik Naks and McCoy’s was hit by a ransomware attack which is expected to affect deliveries to supplies until March.
Marsh’ Global Insurance Market Index published in February, paints the same picture, stating rates climbed by 92% in Q4 2021 – up from 73% in the previous quarter in the UK market due to ransomware claims and insurers tightening their cover.
CPP Secure’s Cyber NOW Policy can support your clients
Our cyber insurance is simple, quick to process and affordable for your SME clients.
The policy offers your clients end-to-support providing protection before an event happens with FREE Avast Business Antivirus Pro Plus and access to KYND and Owl Detect to help identify business risks and highlight how to mitigate them, improving your clients’ overall security.
The policy also offers:
- Protection from cyber-attack and any liabilities that arise due to a breach of privacy legislation
- Protection against threat of Ransomware and Payment Card Industry fines and penalties
- A public relations company to protect and mitigate against any reputational damage
- A specialist IT forensic company to investigate what data has been compromised
- Direct access to a 24/7/365 helpline in the event of an incident
We’ve made the quote process as easy as quoting for add-on products. If you’re quoting for commercial combined or package cover, you can incorporate cyber insurance into the same quote sequence, without having to complete a separate quotation form.
Need to get in touch?
If you want to find out more, contact our sales team.