Skyrocketing premiums are impacting both integrators and their customers.
Why and how did the cyber insurance market harden overnight? That is a question many businesses are pondering as they run into what seem to be brick walls at their renewals. Businesses have already been battling hard markets in other lines of insurance over the past few years, but significant cyber premium increases had not been an issue until recently. This is in addition to potentially reduced limits and coverage.
The answer is ransomware.
Ransomware attacks have been steadily increasing in frequency, severity and sophistication. Long gone are the days of extortion for a few hundred bucks. Now, hackers are demanding millions of dollars in cryptocurrency with established negotiating strategies. In addition to extorting payment to restore access to systems, they are holding hostage the sensitive data they exfiltrated from those systems.
In many cases, it gives organizations little choice but to pay the ransoms, which has decimated insurers’ bottom lines – practically overnight. There is no time to “reserve” for these losses, watch claims develop for months or years at a time and then have actuaries model the corrective action needed over the next two or three years. Capital is there one day and gone the next without warning.
Compounding this issue for insurance companies are clients who decide not to pay the ransom and choose to restore their systems from backups (assuming they exist). With the average downtime from a ransomware attack at 23 days (Coveware Q1 2021 Ransomware Marketplace Report), significant losses are coming from forensics costs, loss of income and extra expenses incurred, all covered in a properly placed cyber policy. No entity, regardless of size or industry, is immune to these types of attacks. The bad actors do not discriminate and will go after any entity in whose network security they discover a vulnerability.
The Reaction from Insurance Carriers
Insurers have reacted to this dynamic pretty drastically; however, most will say it is necessary for them to continue to write this line of business. As an industry, carriers are addressing their responses differently, but with some constants throughout the group.
Most importantly, rates are increasing across the board – and significantly. Well-controlled, loss-free accounts are still seeing double-digit rate increases from most of the market. Poorly controlled accounts are commonly seeing increases of 40%, 50% or even higher, if they can get coverage at all. Carriers have increased minimum premiums to deploy capital as well.
A good account is no longer defined as smart IT people and no claims. Very technical controls are critical for insureds to implement prior to their renewals to be viewed as a good risk. A few key controls that are consistent across the market:
- Multi-factor authentication (MFA) for remote access, cloud applications (including email), Remote Desktop Protocol (RDP) and network administrators;
- Protection and segmentation of backups;
- Endpoint detection and response;
- Regular employee training and testing; and
- Incident response plans implemented and tested regularly.
Insurance companies are managing limits and retention. Gone are the days of $10MM limits with a $25K retention. Some carriers are limiting their maximum capacity at $5MM and others are implementing minimum retentions for different levels of capacity. For example, it is unlikely you will see lower than a $100K retention on a $10MM limit from any one carrier.
Next Steps for Your Business and Your Customers
This issue is obviously a major one for both security integrators and their clients when it comes to their internal liability coverage. How can a business prepare for an upcoming renewal?
There are a number of steps a company can take to make sure that they not only minimize the rate increases in their program premium, but also ensure that they will be able to secure coverage at all. It is critical that companies get out ahead of their renewal and consult with their agent or broker on what they need to do to put themselves in the best position with the insurance carriers to secure coverage at renewal.
It will be necessary to conduct a self-assessment, or use a third party to do an assessment, to make sure a company has the internal controls and procedures in place to check all the correct boxes during the underwriting process. All carriers are using scanning technology – whether proprietary or via a third party – to scan insureds’ and potential insureds’ networks for vulnerabilities. In addition, most now have ransomware supplemental applications and require them to be completed.
Insurance carriers are using the combination of these external scans and the increased underwriting information to determine not only how they may price a risk but also whether they will sub-limit critical coverage components or even offer terms at all.
With so many companies struggling to get renewals, security integrators can serve as a trusted resource by helping these clients prepare in advance for their renewals and address the major insurance carrier concerns listed. This can be done with a combination of technologies and diagnostics – some of which can be outsourced – as well as fixes for issues identified in scans. It is an opportunity to build a foundation that puts your customers in a much better position to maintain coverage.
To learn more, please visit insuretrust.com.