Premiums for cyber insurance have soared over the past few years, with prices starting to rise in late 2019. Marsh’s market index indicates that Cyber insurance pricing increased globally, driven by ransomware attacks. For the third quarter of 2022 , 102% increase in the UK, 48% in the US, 40% in Continental Europe and 25% in Asia.
Cyber Insurance versus Cyber Threat Landscape
According to ISACA, the COVID-19 pandemic drastically escalated cyber-related issues. Daily cybercrime complaints increased up to 400 %. Ransomware attacks represent 23% of all cyber infraction in 2022, while cloud-based attacks and supply-chain attacks are muscling their game.
The advantage of ransomware attacks is that they are very visible. Their may be indeed a rise of such attack. But it is very difficult to proportionally assess it against other types of more sophisticated and less visible attacks. So while the Cyber Insurance is still struggling to quantify cyber risk based on an over-representation of ransomware attacks, it is not recomforting when they will have to cop with more stealthy cybercrime operation.
The combination of regular price increase and cyber insurance exclusion is a clear sign of a still maturing sector with trial and errors. According to a july 2022 Panaseer survey of global insurers across the UK and US, 82% of global insurers expect the rise in cyber insurance premiums to continue
2023 Cyber Insurance Trends
With businesses that are always more dependent of digital process, strengthening legislation, worrying cybercrime maturity and sharp cyber insurance competition, key trends of insurance product covering cyber risk will develop in 2023:
- Self-Insurance: It typically involves putting aside funds on an organization’s balance sheet to cover future expenses stemming from a cyber incident or writing cyber risks through an organization’s “internal insurer”. Organizations need to design it in a deliberate, formal and defined way to effectively use them as a primary layer of cyber insurance or to supplement external coverage.
- Co-insurance: To reduce their portfolio risk while still staying in the competition, multiple cyber insurance providers will create joint insurance product to share their respective cyber risk.
- Cyber monitoring of SMB: The creation of bundled approach of a prealable cyber risk assessment combined with a competitive cyber insurance policy and a platform that continuously monitors exposures throughout the policy and alerts the insured before a breach occurs in order to help customers avoid a price surge following a breach and a claim.
A new stream of cybersecurity products
Cyber insurers have already tighten their initial due diligence. They are requiring more control point and more visibility into the insures network and cyber security practice. From corporates with global networks to the smallest of SMBs; using a risk based vulnerability management (RBVM) platform provides notification to the insured of a potential issue before the attacker takes advantage of it.
Continuous monitoring of the external attack surface, internal network patch management, cyber compliance are all key to mature a proactive cybersecurity posture that helps to increase cyber insurance eligibility and reduce cyber insurance costs.