The cyber insurance market is experiencing a period of heightened volatility that affects insurers and their clients globally. Historically, the need for cyber coverage developed in the late 1990s in response to the growing digitalisation of services and economic output. Its start was driven by the growing need to protect businesses from evolving cyber threats. Depending on the region, the markets took off between 2009 and 2014. Since then, it has seen rapid growth, adapting to the changing cybersecurity landscape and providing coverage against a range of digital risks.
In the last two years, clients who once enjoyed the stability of their cyber insurance policies have seen dramatic rate increases, a phenomenon which isn't confined to a single region but rather a global trend.
The picture may no longer be as simple – rate increases have slowed substantially in 2023 compared to 2022 – though the broad trend towards higher prices and tighter terms and conditions (T&Cs) remains. The primary and low excess placements remain fairly stable with still some single digit rate increases. Within the excess we see a more negative trend towards rate decreases. A surge of new entrants to the cyber market has had an effect. Simultaneously, IT security vendors are sounding the alarm about the escalating number of ransomware attacks, surpassing those in 2022.
Clients now find themselves on a bumpy path: what began as a soft market, with low prices and wide terms and conditions, went through a stage of rapidly increasing premiums and tightening T&Cs and is still in a hard market phase. This has been a result of the uptick in the number of companies looking to insure themselves while, at the same time, ransomware attacks have evolved and escalated.
It is our belief that we are only at the start of this market evolution and over the next few years we will continue to experience dramatic changes in the industry, but there is much that can be done to negotiate these challenges.
An Evolving Threat: Preparing for the Future of Cybersecurity
The cyber security threat landscape is constantly evolving and becoming more sophisticated. As defences get more advanced, so do adversary attacks. Rather than encrypting an entire company's data, threat actors have escalated their tactics and shifted their focus to stealing sensitive information and threatening to publish it online. This shift in attack patterns necessitates a different response from insurers.
One of the ways to weather the turbulence in the cyber market is through adaptability. Insurers and clients alike must remain agile in response to the ever-evolving threat landscape. As ransomware attackers change their tactics, the insurance industry needs to adjust its strategies accordingly.
Our strongest advice to our cyber insurance clients is to invest in IT security and cybersecurity maturity levels while emphasising the real and growing risks in the digital realm. We believe it is essential to bring awareness to these risks and ensure that our clients are sufficiently protected against any potential threats. LSM has an in-house risk engineering team that is there to advise clients on potential measures if needed.
It is also clearly naïve to assume that one’s defences are always going to be one hundred percent effective. Preparing for the future involves companies preforming regular assessments of cyber vulnerabilities and readiness. Companies must conduct thorough risk assessments to gauge their susceptibility to various cyber threats, whether it's full encryption or data theft. The key takeaway is that preparing for these incidents isn't a one-time exercise but an ongoing commitment to adapt to the ever-shifting strategies of threat actors.
The Future is Expertise, In Both Cybersecurity and Insurance
In response to the evolving cyber threat landscape, insurance products must also adapt. Currently, many cyber insurance policies offer a one-size-fits-all approach, bundling first and third-party liability coverage. However, clients may have different priorities. Some may be more concerned about business interruption, while others may fear the legal consequences of a data breach. Tailoring insurance products to meet the specific needs of clients could be a significant step toward a more stable and sustainable market.
In such a changing marketplace, the experience and stability of insurers play a pivotal role. Insurers with a proven track record and a commitment to the cyber insurance market retain a vital role. Experienced insurers have endured market fluctuations and have the historical knowledge necessary to distinguish between market noise and true volatility.
The volatility in the cyber insurance market isn't merely a matter of fluctuating prices; it reflects the dynamic nature of cyber threats themselves. To navigate this shifting landscape successfully, insurers and clients must remain adaptable, responsive to evolving tactics, and open to tailoring insurance products to meet individual needs. While the market's recent changes have brought challenges, they also offer opportunities for growth and innovation. As the cyber insurance market continues to mature, its ability to provide effective solutions for clients and manage risks effectively will become even more crucial.