Top Ten Things You Need to Know About the Cyber Insurance Market

RATE, RATE and MORE RATE: Increasing Premiums
Companies and firms are experiencing premium increases at renewal of upwards of 50%, depending on company size, industry and security risk profile. In many instances, the increase is in the double digits – 100%+. Having strong network security and data privacy controls is an expectation, not a basis for a discounted premium.

SKIN IN THE GAME: Increasing Retentions Connected to Revenue
Underwriters are using retentions and deductibles as a way of spreading or sharing the risk with the Insured. Often, the Retention is set based on the annual revenue of the company. Underwriters want to be sure the retention/deductible is set as one that the Company could pay in the event of an incident.

BACKING AWAY ON LIMITS: Decreased Capacity
For the first time since the introduction of cyber insurance, we are seeing the market backing away on limits they are willing to offer. Today, most markets will only offer a maximum limit of $5,000,000 on a primary layer of insurance.

EXIT STAGE LEFT: Carrier Exiting the Market
In stark contrast to the glory days of the cyber market when we saw carriers entering the market frequently, today, we are starting to see carriers exit the market.

NOT AS HUNGRY: Changing Underwriting Appetite
In the glory days of cyber market, carrier appetite could be described as being insatiable. Today, carriers are reevaluating their appetites in multiple ways, including classifying more industry verticals as “high risk”.

MFA, MFA, MFA: Enhanced Underwriting
There are basic controls that underwriters now “expect” to see. The list is long but just to name a few: Multi-factor Authentication (MFA), Network Segregation/Segmentation, Regular/Frequent Data Backups, Backups stored in more than one location, Regular/Frequent Security Awareness Training for Employees, Endpoint Detection and Response (EDR) etc.

JUST SAY NO: Declinations More Frequent
Underwriters are no longer racing to gain market share and are far more risk adverse than they were in the glory days. They are engaging in comprehensive, technical and strategic underwriting that results in more declinations.

PERFECT STORM: Market Saturation
The current state of the cyber insurance market means most insurance brokers are conducting a full marketing exercise on most accounts. A basic demand for cyber insurance has increased as well. The cyber insurance markets are overwhelmed with a flood (maybe tidal wave is a better way to describe it!) of applications.

TIGHTEN THE BELT: Coverage Tightening
Again, the current condition of the cyber market was triggered, largely, by a significant increase in frequency, severity and sophistication of cybercrime attacks – specifically, ransomware. As a result, most cyber insurers now impose co-insurance and/or sub-limits on coverage for ransomware attacks which extends to all areas of the cyber policy that are triggered by the attack.

PRESSURE: Cyber First Responders Under Pressure
The increase in frequency and severity of claim activity is also taking its toll on cyber first responders: claims professionals, breach coaches, cyber extortion negotiators, computer forensic vendors, public relations (PR) firms, etc. Anyone involved in the initial response to the cyber incident is inundated right now with sheer volume.