The relentless wave of cyberattacks continues to test businesses’ ability to respond to cyber incidents while pressuring cyber insurers to think through how they can better underwrite cyber risk. Cyber insurance is evolving at a rapid pace, and I wanted to share with you the Q2 developments that will contribute significantly to reshaping what cyber insurance is and how insurers approach this new line of business.
1. 2020 Market Data for Cyber Insurance from AM Best
AM Best’s 2020 cyber report sets the tone for cyber insurance in Q2. For the third straight year, the loss ratio for cyber has climbed more than 25%, to 72.8%. Portfolio corrections to accommodate emerging risks have become more normal, which has led to higher premium rates. In parallel, standalone cyber grew in 2020 by 28.6%, which is more than twice as fast as packaged cyber and now represents 59% of the total cyber premium. This data validates the trend towards policyholders’ preference for standalone cyber. Standalone cyber policies define clearly what is covered and help eliminate unnecessary negotiations when an incident happens and the policyholder is most in need of help.
The rise of claims, both in number and severity, is significant. Cyber insurance is in transition – insurers need much better insights into the risks they commit to cover. Cyberattacks, and more specifically ransomware attacks, are causing damage to critical supply chains (oil pipeline, food production). Software and equipment vendors also bring significant exposures to their customer base (Kaseya, Microsoft, SolarWinds, or VMware’s recent vulnerabilities have impacted a broad set of companies).
2. Is pulling out of specific markets the right answer for insurers? What else can be done?
Paying ransom demands has always been a controversial topic and is never the ideal option to resolve a ransomware attack. However, many businesses in critical sectors (healthcare, oil, or food supply chain) have to balance the consequences of paying the ransom with being able to restore service in a timely manner. In some cases, paying the ransom to restore service is the sensible thing to do regardless. Note that this is a business decision that is most likely independent of whether or not there is a cyber policy in place.
Some insurers, such as the large insurer AXA, have opted to pull out of the market altogether. Others have drastically tightened their coverage by restricting some classes of businesses, lowering limits, and raising premiums.
It’s fair to suspect that insurers using traditional underwriting approaches for cyber now face a risk portfolio that is disconnected from the reality of the risk they took when issuing policies – threats have changed, and businesses have rapidly built up their digital operations resulting in exponentially growing risk not captured in the original insurance application.
Continuous risk assessment and continuous risk underwriting are the foundation on which Cowbell launched its standalone cyber insurance programs in 2020. This gives all stakeholders in the insurance process – policyholders, agents and brokers, underwriters, and reinsurers – the same continuous access to the risks covered and how they evolve over the lifecycle of a policy. Most importantly, it enables the deployment of preventive measures when vulnerabilities with a broad impact on the market emerge.
3. NIST Framework for Ransomware; cyber as the new pandemic and top risk to the economy
The Colonial Pipeline attack, which impacted nearly half of the East Coast’s fuel supply and shut off their pipelines for 11 days, led to gasoline shortages and panic buying among many Americans. Governments and regulatory entities can no longer be passive about the risk that cybercriminals represent for the economy. For the first time, the Department of Homeland Security is aiming to regulate cybersecurity in the pipeline industry.
The recent governmental initiative created by the National Institute of Standards and Technology reiterates how to respond to ransomware challenges. This initial draft is a guide to mitigate ransomware events and gauge an organization’s level of preparedness to respond to security threats. The proposed ransomware framework is based on NIST’s five Cybersecurity Framework Functions: Identify, Protect, Detect, Respond, and Recover. These functions are designed to help organizations recognize and prioritize opportunities for improving their ransomware resistance.
As an insurance provider dedicated to cyber, Cowbell is reinventing cyber insurance on the premise that the risk covered by cyber insurance policies is constantly changing. This is why we have pioneered a continuous risk assessment approach to support an AI-assisted continuous underwriting process that is precise and fast. As a result, today we deliver policies that are tailored to the unique risk profile of each policyholder and can keep policyholders and our underwriters apprised of the risk covered as it evolves.
Our team and insurance programs continue to grow. As we continue to innovate, we would like to invite you to join our distribution network if you are an agency. If you’re a business pondering whether cyber insurance is for you, sign up for a free risk assessment. You will get immediate answers to “Is my business as secure as my peers?” with recommendations to fix the potential weaknesses that we have identified.
Feel free to go back to our review of the first quarter in cyber insurance if you happened to miss it.