As per the National Association of Insurance Commissioners, the reported direct written premiums for cyber package policies added up to $1.69 billion in 2021, a 47.6% increase from 2020. This is primarily attributed to surging ransomware activities. Consequently, cyber risk has become a critical concern for public entities and organizations worldwide. As per Inkwood Research, the global cybersecurity insurance market is projected to register a CAGR of 19.58% and reach $xx million by 2032.
Similarly, according to the Federal Bureau of Investigation’s 2021 Internet Crime Report, the Internet Crime Complaint Center (IC3) received 3,729 ransomware complaints with adjusted losses of over $49.2 million. Cybersecurity insurance, a rapidly expanding sector within the broader insurance industry, is characterized by the provision of policies that offer financial protection and risk mitigation to organizations in the event of cyberattacks, data breaches, and other cybersecurity incidents.
Overall, the global cybersecurity insurance market encompasses coverage for losses and liabilities arising from data breaches, cyber incidents, and related issues.
Why are Cyber Insurance Premium Prices Soaring?
Companies are increasingly insulating themselves against mounting cyber incidents. So much so that the prevalence of cyber threats is making businesses reconsider partnering with companies that have no comprehensive cyber insurance.
Further, the decreasing carrier appetite for risks and rising demand for coverage are among the main drivers of increased premium prices. Besides, there is a huge demand for cyber coverage anyway, given the surging awareness about cyber threat risks for businesses of all sizes.
Additionally, insurance underwriters are trying to minimize the losses from cyber claims with stringent underwriting requirements, for instance, ensuring that cybersecurity protocols like multi-factor authentication are in place.
Impact of Software Supply Chain Attacks on Cybersecurity Insurance Market
Software supply chain attacks are cyberattacks that give an attacker access to a company’s software supply chain. This is done by manipulating supply chain tools or by exploiting vulnerabilities and misconfigurations in them. The access is then used to make unauthorized modifications to software, tamper with the application, and steal data. A potent risk is the likelihood of the company’s own software update being used to distribute malicious code or create backdoors. In this regard, all technology vendors are vulnerable to software supply chain attacks.
Over the years, cyber insurers have incurred major losses covering the aforementioned ransomware attacks since the payouts were much higher than originally expected. One such recent attack was on SolarWinds.
SolarWinds Orion is an IT management platform used by several private and governmental organizations. In March 2020, SolarWinds released a general update for their Orion platform. Malicious code was inserted into the update, giving the hackers access to several thousand organizations using the Orion platform. Those impacted also included the United States Department of the Treasury, the State Department, and the Department of Homeland Security. As per BitSight, a cybersecurity risk vendor, an attack like SolarWinds will incur a cost of around $90 million for cyber insurers.
Such attacks are shifting the paradigm for cyber insurance companies since they represent a key shift in target for threat actors globally. The susceptibility (and the ability) to compromise systems at this scale using a single entry point represents a unique challenge to the cybersecurity and cyber insurance industries alike.
COVID-19’s Significant Contribution toward Cyber Insurance Premium Prices
COVID-19 raised the potential for cyber threats as businesses expanded their IT capabilities to enable efficient remote working. This introduced new network vulnerabilities, given the surge in access points and increased reliance on personal devices. Similarly, phishing attacks were launched, since the attack surface had grown to accommodate a remote workforce using less secure home networks.
In addition, some cybersecurity insurance policies differentiate between personal devices and company-owned computers. Companies may not cover hardware owned by employees, which can expose them in the event of a breach. As a result, the pandemic hardened the cyber insurance industry. Simultaneously, cyber insurance premiums shot up.
Furthermore, cybersecurity insurers are elevating their risk-modeling techniques and enhancing their understanding of fast-moving cyber risks. As a result, companies are under increased scrutiny from their insurers.
Nevertheless, with the steadily rising frequency and sophistication of cyber threats, organizations are turning to cybersecurity insurance as a vital component of their risk management strategy. This also forms one of the key opportunistic areas for the global cybersecurity insurance market.
By Akhil Nair
Cybersecurity insurance, also known as cyber insurance or cyber risk insurance, is a policy that provides financial protection to businesses in the event of a cyberattack or data breach. It covers costs related to data recovery, legal expenses, and reputation management. In an increasingly digital world, cybersecurity insurance is vital to safeguard against the financial impact of cyber incidents.
Cybersecurity insurance policies can vary, but they typically cover a range of risks, including data breaches, ransomware attacks, business interruption due to cyber incidents, legal liability for data loss, and costs associated with notifying affected parties. Some policies may also include coverage for regulatory fines and public relations efforts.