| Trend | Range |
|---|---|
| Cyber risk | +100% to +200% |

Key takeaway
As cyber markets continue to limit their exposure to ransomware losses and other widespread events, buyers should be prepared to face dramatic premium increases or non-renewals if they are unable to demonstrate certain minimum-security standards, starting with remote desktop protocols and multi-factor authentication.
COVID-19 continues to impact the cyber market.
- The work-from-home era, possibly now permanent to at least some degree, may be contributing to an increase in phishing and hacking activity, as certain organizations have been more vulnerable than usual due to employees working remotely on potentially less secure networks with less secure hardware.
- According to the IBM and Ponemon 2021 Cost of a Data Breach Report, the average breach cost was $1.07 million higher in breaches where remote work was a factor.
Primary and excess cyber renewals are now averaging premium increases above anything we’ve seen: 100% to 200% and even higher. Capacity continues to tighten.
- Q2 renewals are expected to continue to see the jaw-dropping corrective retention and premium increases we saw in the preceding quarters. Increases will be steepest for those organizations that cannot demonstrate strong cyber risk controls, culture and overall cyber hygiene.
- Heavily exposed industries are likely to see increases on the higher side of our predicted range: healthcare, higher education, public entities, manufacturing, financial institutions, construction and large media and technology companies.
- Struggling to build towers, clients are often faced with the prospect of less overall coverage and being forced to consider alternate risk solutions, such as self-insuring and captives.
- Underwriting decisions are heavily influenced by the security controls a company has in place in conjunction with pricing and attachment points.
- Carriers are taking a much closer look at total capacity deployed on programs. Many large towers include U.S., London and Bermuda carriers, and many are looking to reduce or limit the total amount of capacity put up globally on a single tower.
- Renewals are taking longer to complete because carriers do not want to quote early for fear of an incident occurring between quoting and binding — and carriers are often unwilling to provide any significant extensions. It is more important than ever to start the submission process early so materials can be refined for best presentation to underwriters.
As losses show no signs of slowing, carriers are looking for new ways to underwrite cyber risk.
- Cybercriminals are targeting companies in every business segment with ransomware attacks. As these attacks become more sophisticated, threatening a firm's entire electronic infrastructure, ransom demands have increased — often reaching eight figures.
- Data breach costs remain highest in the U.S., where the average cost of a data breach in 2021 was $9.05 million, up just under 5% since 2020. For the eleventh consecutive year, healthcare data breach costs were the highest, increasing from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase (IBM and Ponemon 2021 Cost of a Data Breach Report).
- Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach of $4.24 million (IBM and Ponemon 2021 Cost of a Data Breach Report).
- Certain carriers are relying more heavily on cyber security consultants for technical expertise as well as third-party scanning technologies to highlight potential vulnerabilities.
- Excess carriers are increasingly not aligned with primary coverages and are seeking to benefit from exclusions placed on excess policies below them in a tower.
- More carriers are requiring supplemental applications for ransomware and other common events, as there is increased concern around systemic losses and the potential impact they could have on the broader marketplace.
Markets continue to constrict coverages to limit their exposure to regulatory risk, ransomware losses and other widespread cyber incidents.
- Largely in response to the E.U. General Data Protection Regulation (GDPR) that went into effect in May of 2018 and the subsequent trove of data privacy legislation introduced across the U.S., most notably the California Consumer Privacy Act and New York’s copycat legislation, Senate Bill 567, we are seeing cyber markets pull back on offering wrongful collection and compliance coverage.
- Cyber markets have lately been deploying co-insurance and/or sub-limiting all coverages stemming from ransomware, increasing retentions and developing language to further limit their exposure.
- Certain markets have added broad SolarWinds and Log4j exclusions to their policies, making it essential for organizations to report notices of circumstances if either they or one of their vendors use or used the software.
- The Russia/Ukraine crisis has created a heightened risk of cyber attacks spreading to organizations on the periphery of the crisis. Some carriers are asking additional underwriting questions about whether insureds, their subsidiaries or their critical vendors have exposure in Russia, Ukraine or other potentially impacted countries and are considering adding territorial restriction endorsements onto their policies.
- Cyber underwriters continue to work closely with their counterparts in other lines to address silent cyber coverage, as more and more carriers withdraw or limit cyber coverage in non-cyber insurance lines due to concerns over aggregation.



