Rising cyber-attacks and continued hardening market conditions have presented the cyber insurance industry with a multitude of challenges. How has the industry fared this year?
Cybercrime has reached an all-time high. Attacks are both more frequent and more damaging than they have ever been. Total global economic losses were estimated at approximately $6trn in 2021. Cybersecurity Ventures forecasted that with further annual rate increases of 15% it will reach $10.5trn by 2025.
Melanie Hayes, chief marketing officer at cyber risk management company KYND, said that ransomware has played a large part in this. She said this “digital plague of our time,” accounts for a higher proportion of losses, with the average ransom demand reaching $2.2m in 2022, more than doubling since 2020.
Unfortunately, this ubiquitous threat shows no sign of slowing down in the foreseeable future. “Just in the first half of 2022 alone, the world witnessed a host of high-profile ransomware attacks around the world including Nvidia Corp, the world’s largest semiconductor chip company, Samsung, a major electronics manufacturer, and Toyota, an automotive industry giant, amongst many others,” Hayes said.
These attacks were severe and had very serious consequences for the companies involved. The attack on Nvidia saw employee credentials and proprietary company information leaked online. Reports at the time revealed that a hacking outfit called “Lapsus$” took responsibility for the breach and claimed to have stolen 1 terabyte of information, including “highly confidential/secret data” and proprietary source code. According to posts from the group, this included source code for Nvidia’s hash rate limiter, which reduces the Ethereum mining performance of the company’s RTX 30-series graphics cards.
Meeting the new minimum
The surge in cyber-attacks and the associated systemic cyber risk has also led to insurers raising rates, limiting coverage and mandating new security standards. Hayes said that as a result, businesses are struggling to meet the new minimum cybersecurity requirement imposed by insurers in order to obtain a cyber policy. “In some instances, this means they end up with insufficient coverage or are refused coverage altogether,” she said.
The hardening market has also led to a growing friction between the insured, brokers and underwriters. With the threat landscape evolving and insurance applications becoming more complex, Hayes said there is now a bigger risk that underprepared organisations either can’t answer the questions on their risk management measures or will provide inaccurate data.
“As a result, insurers aren’t receiving the information they need from their clients to assess the level of risk they’re willing to underwrite, and brokers therefore can’t provide accurate or cost-effective cyber insurance quotes for their clients,” Hayes said.
In the volatile threat landscape, Hayes continued, having centralised visibility into an insured’s up-to-date, tailored risk profile has never been more important for reaching a balanced and positive outcome between all participants of the value chain.
To alleviate some of this friction, Hayes said InsurTechs, such as KYND, have a key role to play. They are able to provide next-generation cyber risk management technology that provides the accurate cyber risk insight that is required by all parties.
A rise in collaboration
Despite the aforementioned challenges and friction points, Hayes remains positive about the outlook of the cyber insurance industry thus far in 2022. She said the patterns observed in recent months indicate that insurers are charting the path to a more prosperous future and healthier cyber insurance market.
Given the previously noted increase in friction within the insurance value chain, the role of technology and solutions has taken centre stage in 2022. Hayes said that the industry has recognised the challenges it faces, and as such collaboration between insurers and InsurTechs is on the rise.
These partnerships help to “fill in the gaps”, by using easy-to-digest visibility of an insured’s cyber risk profile that traditional carriers may not be able to provide. “Whether this risk intelligence is analysed by an insurer, broker or even the insured themselves, the improved visibility means that it is possible to immediately see where the risk lies, which is the important first step in managing and reducing it,” she said.
KYND has seen cases where using its technology has allowed brokers to be able to explain to clients exactly where their vulnerabilities are before the point of submission. Hayes said this also can enable underwriters to send the information straight to insureds or brokers, giving them time to organise and implement the necessary procedures. “The most significant benefit for insureds is that the steps taken to improve their cyber posture will allow them to achieve not only favourable coverage this year but also a smoother renewal in the future.”
More proactive risk management
There has been a significant shift in mindset by both insurers and insureds in the cyber insurance space. Hayes said that approaches have shifted more towards continual proactive cyber risk management, and away from a “once-a-year box ticking” approach.
“An InsurTech like KYND enables early engagement and collaboration with the organisations beyond traditional pre-submission preparations and allows the proactive risk management approach to be built to suit the organisation’s needs” Hayes said. This boosts their cyber resilience, complies with the underwriter’s requirements, and helps secure the necessary coverage under tightening market conditions.
This new proactive risk management approach is also fuelled by the rise in partnerships between insurers and InsurTechs, Hayes said. Regardless of what the future holds for the market, this is laying the foundation for a better risk engagement for the insured, and ensures strong relationships between the insured, the broker and the insured, ultimately supporting the further successful market growth.
“As organisations get to better grips with managing and reducing their cyber risk exposure,” Hayes, said, “Insurers might potentially be inclined to review their risk pricing models and reward those clients that can demonstrate higher level of security standards with more favourable insurance quotes.”
Recently, KYND released the next generation of its cyber risk management for the managed service providers (MSP) sector.
Copyright © 2022 FinTech Global
Copyright © 2018 RegTech Analyst