The crisis emerging from COVID-19 has been and will continue to be the dominating news and rightfully so. I still wanted to highlight key news and data that surfaced prior and during the crisis and will potentially shape the cyber insurance market moving forward.

 

With phishing attacks exploding, it is a good time to review cyber policies

The number of cyberattacks has skyrocketed with many workers required to work from home (source: Business Insurance, Hacking against firms surges as workers take computers home, April 17, 2020). Even companies with their own corporate security team, have found that keeping their data and assets protected is more difficult now with home computers connecting to enterprise resources through personal wifi and other non-corporate networks. Hackers are taking advantage of the employees’ lack of education on cybersecurity, ransomware attacks, email phishing, social engineering, and more. 

It is a good time for policyholders, agents, brokers, and insurers to review their current cyber insurance policy, read the details of their coverage, and validate whether their work-at-home employees and personal devices are covered.  

 

California is considering making cyber insurance mandatory for state contractors

Cyber Insurance is currently not mandatory, unlike, for example, Workers Compensation. Corporations that are dependent on a large network of suppliers have already started to demand proof of cyber insurance as part of their supplier contracts so it would not be unusual for states to start requiring the same of their contractors. 

California seems to be one of the first to do so. The Californian assembly introduced a bill in February 2020 to make cyber insurance mandatory for all state contractors processing regulated or protected personal information. Wouldn’t it make sense to require that every business processing PII, PHI, PCI, or other be covered by cyber insurance? At a minimum, this could help cover the expenses of notifying individuals whose information has been compromised.  

 

From McKinsey: 7 Imperatives for Insurers

McKinsey published an insightful report on the insurance industry, “Restore and reimagine: Digital and analytics imperatives for insurers” explaining 7 imperatives for insurers to refine (and accelerate) their digital transformation. 

These 7 imperatives align perfectly with Cowbell’s mission to “Make Cyber Insurance Easy” and transition cyber insurance to a simplified, 100% online distribution model where brokers and agents can serve their policyholders better with full visibility into continuously updated risk insights. Check our recent blog on how Cowbell aligns with the 7 imperatives highlighted by McKinsey

 

Cyentia’s analysis of Advisen cyber claim loss data informs risk modeling

We encourage everyone to read the Cyentia report on “Information Risk Insights: A Clearer Vision for Assessing the Risk of Cyber Incidents”. This study sheds light on the severity and frequency of cyber loss across industry and company size, providing valuable insights and challenging the broadly used model of $150/record to evaluate the cost of a breach. Other key findings from the data report include:  

  • The traditional method of estimating breach losses—using a flat cost per record—is misleading. Cyentia reports that it results in $1.7 trillion of error due to overestimating losses compared to actual recorded values.
  • Typical and extreme losses differ substantially among industries. The information services and retail sectors show abnormally high losses that exceed many other sectors. 

 

National initiatives’ heightened focus on cyber insurance 

“Our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system,” says the report from the Cyberspace Solarium Commission.

This sums up the severity that the government sees in cyber attacks as a threat to the country’s security and safety. Many want a uniform solution to cyber criminality for that reason. The main focus of the report is the demand for a federally-funded center that focuses on developing cybersecurity insurance certifications and a partnership between public and private enterprises on cyber risk models. The commission describes the risk that goes from cyber criminality as grave as “fires in California, floods in the Midwest, and hurricanes in the Southeast.“

The cyber insurance market benefits from the additional attention of the federal government – this enables all actors – re-insurers, insurers, brokers and agents –  to accelerate the delivery of high quality, relevant cyber insurance coverages to policyholders. 

 

Cyber insurance market growth estimates: small and midsize enterprises show strong buying intention

Demand for cyber insurance is building. The market is expected to hit $28.6 billion in 2026, at a CAGR of 24.9%, according to Allied Market Research. North America’s share currently holds more than 20% of the global market, since many companies have experienced harmful cyberattacks in the past, resulting in them purchasing cyber insurance in order to be protected in the future. 

Cowbell’s recent research report on Cyber Insurance shows that 65% of Small to Midsize Enterprises in the US plan to invest more in Cyber Insurance in the next two years.  

“ 65% of small to midsize enterprises in the US plan to invest more in cyber insurance over the next 2 years”

Another cyber risk study from the Hanover Insurance Group states that even though many firms are insured against traditional cyber threats and data breaches, coverages often lack the newer, and soon-to-be, more regularly happening attacks. This should give incentives for businesses, large and small, to review their policy more frequently than once a year. At Cowbell, we are pioneering continuous underwriting for cyber to support our highly adaptable cyber insurance offerings. Cyber threats and risk exposure can change daily and/or brutally as we have learned with COVID-19. Cowbell re-compiles Cowbell Factors, its proprietary risk rating factors, on a continuous basis, providing policyholders (and non-policyholders) with timely insights.  

 

If you want to learn more about Cowbell Cyber and our standalone, admitted cyber insurance offerings, please contact us at [email protected]. Agencies interested in distributing Cowbell Cyber can start the process at https://cowbell.insure/for-agencies/