The warning signs are quite visible and growing louder by the day. You see it on social media, watch it on TV, and hear about it in the workplace. Stories of cyberattacks and ransomware continue to dominate national and international media coverage. It is certainly not discriminatory – in fact, no one is spared. From small businesses to large corporations, all industry sectors are affected.
The risks are terrifying. These cyberattacks can lead to significant impacts: damage to information technology assets, losses related to business disruption and theft, release of sensitive information, and exposing entities to liability from customers, suppliers, employees, and shareholders.
It is an absolute necessity for insureds to manage their cyber risk, and there is no time to waste when deciding to secure cyber insurance. Why now, you may ask? What has changed in recent months to generate this heightened level of urgency? Here are key trends submitted to Congressional Committees recently by the United States Government Accountability Office (GAO):
The demand for cyber insurance has increased as entities better understand and respond to increasing cyber risks. Based upon data from Standard and Poor’s (S&P) and the National Association of Insurance Commissioners (NAIC), the number of cyber insurance policies increased by approximately 60% from 2016-2019, from about 2.2 million policies to more than 3.6 million policies.
In early 2021, S&P reported that cyber insurance premiums were expected to increase 20% to 30% per year for each of the next five years on average. Throughout 2021, we have seen rate increases of 10% to 50% depending on the individual insured’s practices and the carrier’s appetite and capacity. As we enter 2022, we expect risks with excellent controls to experience rate increases of 10% with an uptick of 30% or higher.
Reduced Coverage Limits for Certain Sectors
Due to the increasing frequency and severity of cyberattacks, especially ransomware attacks, insurers have reduced cyber coverage limits for industry sectors such as healthcare, education, and public entities. Insurers have also been led to add specific limits on ransomware coverage.
Tighter Terms and More Exclusions
Industry participants have noted that insurers have been tightening the terms and conditions for cyber-specific policies. To avoid any ambiguity that coverage would overlap with policies, insurers have been adding exclusions to traditional lines of coverage and package policies with cyber endorsements.
Keep in mind that the market is still evolving. The industry is still gathering data and trying to maintain the same rate of progress. Technology and methods of cyberattack continue to change, therefore making it difficult for insurers to underwrite coverage. Limited availability of historical loss and cyber event data add obstacles when determining the probability of loss from a cyberattack.
Now, more than ever, it is important to partner with a leader like Sentinel Risk Advisors, LLC who can represent you in the marketplace. Sentinel was built to be customer-centric; to help you build strategies for the unexpected and guide you to withstand the tumultuous market changes.