Cyber insurance rates dropped around 10% in June compared with a year earlier, reversing recent sharp rate rises. The decline can be attributed to better data from risk managers and insurers as well as claims that have proved smaller than expected, broker Howden said in a report on Wednesday. The market for cyber coverage has reopened as companies demand protection from potential losses associated with cyber attacks, including data breaches and ransomware. “The appetite for cyber is re-emerging in the marketplace as buyers seek to protect their balance sheets against frequent and high-severity losses,” Howden’s Shay Simkin wrote in the report.
The insurance industry has seen a wave of large cyberattacks — for example, last year’s attack on the Colonial Pipeline that resulted in a short-lived gas shortage across the Southeastern U.S. — which has driven premium increases and made policyholders more cautious in renewing their policies. In addition, the growing use of automation in business operations means that a single cyber incident can have significant financial consequences, and firms are seeking protection against such events.
Nonetheless, insurers remain hesitant to write new business in the cyber sector, and demand remains strong for existing coverage, especially among small-to medium-sized businesses. Shawn Tuma, partner at law firm Spencer Fane LLP who specializes in data privacy and cybersecurity risk management, says the demand is not solely driven by threats such as ransomware. “Companies are increasingly looking to understand, manage and mitigate cyber supply chain risks, which can include extortion, terrorism, cyber espionage, intellectual property theft and other types of threats,” he said.
Insurance and reinsurers have imposed more stringent terms on their clients, including requiring them to invest in stronger cybersecurity, and have raised the minimum level of required capital to underpin reinsurance. But despite these challenges, experts believe that the overall market is stabilizing, and that a more normalized trend is likely to emerge in 2023. “A new loss cycle is unlikely to occur in the near term, barring a major shift in the global geopolitical environment or widespread systemic cyber events,” Howden’s Simkin said.
Fitch Ratings, the ratings agency, has also recently reported a slowdown in cyber insurance premium increases. And Marsh reports that Lloyds has begun to mandate new war exclusion language in its cyber policies designed to help manage systemic risk.
These trends may have led to a slowdown in the rate increase for cyber, but many insurers are still demanding that their customers do more to improve their cybersecurity measures. Some have been cutting back on their coverage or not renewing it altogether as a result of the higher costs, sources told ZDNet.
For those looking to renew or buy a cyber insurance policy, industry experts advise a careful review of the current policy before making any changes. Changing insurers can be expensive, and insurers can often require significant reworking of a policy to reflect the increased exposures that are being taken on. Additionally, any major change in terms and conditions or the scope of a policy could cause premiums to spike again.
