How the Cyber Insurance Market May Look Different in 2023
Despite the cyber market being around for more than a quarter of a century, there are continuous changes.
The last two years in particular have seen quite some change between the dramatically increased threat of cyber criminals, and up to triple digit premium increases. Although the requirements have already changed, what was considered acceptable in 2022 may not be in 2023. As always, it is best to be prepared for all possible outcomes.
The Challenges of Today’s Market
With the pandemic causing us to rely solely on the internet, cyber attackers have taken advantage of it. With cyberattacks growing on the ransomware front, more companies decided to seek cyber coverage. With the increased interest in coverage along with worsened direct-loss ratios, providers have had to increase coverage costs. Coverage costs in just the second quarter of 2022 increased by 79% from the prior year. Although cyberattacks are a big issue, they’re not the only thing causing a change in regulations. Geopolitical tensions have caused concerns around software supply chain risks, which raises new questions around systemic losses and aggregation exposure.
2023 Requirements Will Go Further
It may seem difficult to score a fair policy or renewal, but it is possible. Underwriters and carriers seem to respond positively to companies with robust security controls and action plans. Underwriters usually look into the company’s security system in order to evaluate the applicant’s vulnerabilities and security rating services. When the underwriters are evaluating the company, they are usually looking for evidence of different cyber security controls and practices. It seems as though in 2023 these audits will examine areas more closely than ever before, making it more difficult for companies to get coverage without the proper security. Ransomware attacks usually start on servers and workstations, underwriters will be focusing on endpoint security closer. Before, the main thing that was focused on was employee training on possible breach tactics. Although the proper training is still important for employees, attackers don’t seem to stick with one tactic, making it difficult to stay up-to-date. Recognizing a possible attack can be hard, so underwriters decided to focus on endpoint controls. Multi-factor authentication has become a basic tool used in the workplace in order to keep sensitive information under lock. However, as insurers dug deeper into multi factor authentication execution, it was found that it’s not being fully utilized, especially in the healthcare and advanced education sectors. Another area that seems to be focused on is third-party privileged users authentication. Organizations and vendors, who need access to sensitive data also need to be required the same amount of security coverage as regular employees, but it is found that that is not the case for many. It is important as a company to make sure security controls are closely managed, and executed properly. Insurers and underwriters are advancing their strategies in policy screenings to follow the market and offer the most accurate coverage price.
In response to the accelerated change, more companies are stepping up, and taking the proper measurements to tighten up their ransomware defenses. As stronger protection is used more effectively, insurer losses are stabilizing slowly, helping to soften the market.
