An increase in cyber-insurance claims in 2023, driven by a more active threat landscape, will likely mean that last year's price plateau in cyber-insurance premium costs will be short-lived, according to industry experts.
While premium costs fell by 6% in the third quarter of 2023 compared with the same quarter in 2022, ransomware- and privacy-related claims had already skyrocketed from the previous year, according to risk management consultancy Marsh.
While it's unclear which direction insurance premiums will take in the next year, companies should expect cyber-insurance costs to rise in the next 12 to 24 months, says Roman Itskovich, chief risk officer and co-founder of At-Bay, a cyber-insurance and security startup.
The cost of cyber-insurance premiums typically lags changes in the threat landscape.
In 2020 and 2021, for example, ransomware and other disruptive attacks surged, leading to significant costs for the insurance industry.
On average, the industry saw its direct loss plus defense-and-cost containment ratio - a measure of the costs of a portfolio of policies compared to its revenue - surge to 73% in 2020 and 68% in 2021, before dropping last year to 43%, according to data from FitchRatings.
The annual increase in cyber-insurance premiums has declined in recent quarters, after a massive spike in late 2021 and early 2022.
When attacks surged, soon so did premium fees, more than doubling year-over-year by the fourth quarter of 2021, according to data from Marsh.
Pandemic, Ransomware Chaos Subsiding In many ways, the chaotic cyber-insurance market originated with the coronavirus pandemic.
Following an increase in cyberattacks during the pandemic, cyber-insurance claims surged, leading to a dramatic increase in pricing.
While insurance companies are always on the lookout for systemic risks that could derail their markets, they failed to predict the pandemic and companies' shift to remote work and the cloud.
The trend led to higher costs per $1 million in coverage, resulting in many companies opting for less coverage during a time of greater risk.
In 2022 a variety of factors led to fewer ransomware claims and insurance costs leveled out, leading companies to pick up more coverage in 2023.
Two-thirds of companies saw a decrease in cyber-insurance costs in the second half of 2023, according to a survey by independent insurance broker and consulting firm Woodruff Sawyer.
In the second half of 2023, two-thirds of companies saw their cyber-insurance costs decrease.
Cyber-Insurance Continues to Grow Despite its growing pains, the cyber-insurance industry is only getting bigger, with the value of direct written premiums growing to $5.1 billion in 2023, an increase of 62% year-over-year, according to FitchRatings.
While all insurers have tightened up their policies - clarifying the hostile/warlike act exclusions, for example - competition to satisfy businesses' risk needs has only grown, resulting in a softening of prices for coverage, says Shawn Ram, head of insurance for cyber-insurance firm Coalition.
For large enterprises, cyber insurance is widely seen as the cost of doing business.
Cyber-insurance underwriting for smaller companies continues to be an area of potential growth, however.
In 2022, the total dollar value of cyber-insurance premiums - including both standalone and packaged policies - surged by half to $7.2 billion, according to risk-rating agency A. M. Best, which noted that the number of direct premiums for cyber-insurance had tripled in three years.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 18 Jan 2024 17:00:04 +0000