As the number of cyber security breaches soars, direct written premiums (DPW) for cyber insurance worldwide could rise to $23 billion by 2025, with U.S. businesses paying about 56 percent of the total, according to Triple-I’s latest Issues Brief.
Cyber Insurance: State of the Risk, published last week, says the most recent data shows standalone policies have emerged as the preference for larger insureds, accounting for more than 70 percent of DPW – an increase of 61.5 percent from the prior year. These growth trends may signify that businesses recognize the growing threat of cyber risk requires mitigation beyond the typical coverage limitations of packaged options. Loss ratios also improved over 2021 rates, with declines of 23 percentage points, to 43 percent, on standalone policies and 18 percentage points, to 48 percent, on packaged policies. These improvements are evidence of improved cost-containment strategies.
A two-edged sword
The brief outlines how technology can foster opportunities for cyber attackers and deliver ways for cybersecurity managers to predict, prevent, and manage threats. Increased use of cloud storage, remote working, and the “bring your own device” IT approach has amplified points of organizational vulnerability. And, as more companies and their employees are increasingly leveraging AI to boost operational efficiency, cyber attackers have created large language models (LLMs) to mimic the functionalities of ChatGPT and Google’s Bard to aid in phishing and malware attacks.
Even the smallest businesses face threats that can incapacitate an organization. However, organizations can manage breaches more efficiently using AI for faster breach detection and implementing requirements for two-factor authentication, VPN use on external Wi-Fi networks, and data-wiping processes for lost or stolen devices.
Cyber insurance has become an integral part of robust prediction and prevention.
The bulk of cyber insurance claims by volume and frequency stem from ransomware and extortion-based attacks, according to an October 2023 report from Allianz. The report also says the annual proportion of cases in which data is stolen has consistently risen from “40 percent of cases in 2019 to around 77 percent of cases in 2022, with 2023 on course to surpass last year’s total.”
The Allianz report highlights the growing need for businesses to improve prediction and prevention strategies, internally and with external partners and supply chain relationships. It makes practical sense that indemnification for cyber risk has become a common requirement for vendors doing business with frequently targeted sectors.
The Triple-I brief states that as insurers refine policy terms to make the scope of coverage more understandable, business risk managers are better able to comprehend how cyber insurance can mitigate their risks. In turn, insurers may have been able to gain improvements in cost containment and rate stability.
Triple-I supports increased awareness of the threat landscape
Cyber insurance can play a pivotal role in liability management. Sean Kevelighan, Triple-I’s CEO, participated on a panel during the Small Business Cyber Summit, a series hosted by the U.S. Small Business Administration (SBA). Discussions offered insights and tips for cybersecurity risk managers and other experts. Kevelighan explained how cyber insurance can allow “businesses to more strategically allocate their resources” in the battle against cyber threats.
Kevelighan participated in another fall 2023 cyber risk panel hosted by The Institutes Griffith Foundation in collaboration with Indiana University. The presentation, Cyber Risk: Exploring the Threat Landscape and the Role of Risk Management, focused on risks to national infrastructure and companies. Accordingly, panelists discussed how regulators and businesses have responded to the inevitable threat of cyberattacks. Speakers shared expertise in three core areas:
- the Cyber Threat Landscape
- ransomware and insurer solvency; and
- eminent challenges for cyber risk insurance.