The price of protection: Why cyber insurance premiums are on the rise

Premiums for cyber insurance rose by 62% in 2022 following a 91% increase in the previous year. Several factors have contributed to the increases, including challenges in underwriting policies, limited reinsurance investment, and the volatility in cyber threats.

The reason why underwriters are facing challenges with cyber insurance is due to:

• Lack of historical data – in comparison to other lines of insurance such as natural disasters, cyber is relatively new. There haven’t been enough cases to effectively formulate a model to base policies on.
• Lack of sufficient cyber data – insurers are only aware of cyberattacks that are reported on. The law doesn’t require all breaches to be reported, only those that impact data on employees, customers or clients. The lack of data available is making it difficult for underwriters to measure all of the costs that are associated with cyberattacks.
• Awareness gap – organisations lack knowledge about their internal preparedness for cyberattacks. Many companies still don’t have basic cyber hygiene measures in place which makes it extremely difficult for insurers to establish the level of risk.

Also, the demand for coverage has risen as costly cybercrime incidents have increased, with ransomware attacks being one of the leading causes.

Businesses have been claiming for cover against activities relating to response, recovery, business interruption and reputational damage. We’ve seen this just recently when Capita announced they expect to pay up to £20mn to cover professional fees, recovery and remediation costs following a Russian ransomware attack.

The uncertainties in the market paired with high pay-outs have caused insurance companies to be more cautious about cyber insurance offerings. Insurers have now made changes to three key areas to combat the challenges. These are:

• Increasing cyber security premiums – due to the increase of claims and severity of attacks
• Thorough pre-cover activities – insurers are moving away from simple forms and now want organisations to carry out thorough risk assessments to establish their eligibility for a policy
• Selective coverage – insurers are now setting clearer conditions about what they’ll cover, for example some insurers have now excluded state-backed attacks from their policies.

So, what can you do to bring that premium down and keep your business secure?

While we know insurance can provide financial protection against the losses incurred due to a data breach or cyberattack, it does not provide any protection against these attacks happening in the first place.

Investing in robust security tools allows your organisation to be proactive in the fight against cyberattacks and helps to prevent the subsequent disruption to your business operations.

Below we’ve listed our top five reasons why you should invest in security tools before taking out a cyber insurance policy:

1. Prevention and mitigation –By implementing security measures such as firewalls, intrusion detection systems, encryption, and access controls your business can significantly reduce the likelihood of a successful attack.

2. Protect sensitive data – security tools help safeguard customer information, intellectual property and financial records. Breaches can result in the loss, theft or exposure of this data, which leads to legal consequences, reputational damage, and loss of customer trust. Protecting this data with adequate security measures is vital for long-term success and stability of your business.

3. Reputation and customer trust – a data breach can significantly damage your organisation’s reputation. When customers perceive your business as insecure or negligent in protecting their information, they may take their business elsewhere. With the right security tools, you can demonstrate a commitment to data protection and maintain customer confidence, loyalty and brand reputation.

4. Operational continuity – a significant breach can disrupt business operations which leads to downtime, loss of productivity and financial consequences. Having the right security tools in place will help maintain operational continuity by preventing or minimising the impact of cyber incidents. It allows your business to continue serving customers and avoid potential revenue losses and other associated costs.

5. Regulatory compliance – many industries are subject to specific standards and guidelines set by governing bodies to demonstrate prevention and mitigation against cyberattacks. Examples of these include GDPR, PCI DSS, ISO 27001 and HIPAA. Compliance with these regulations requires implementing specific security measures and demonstrating due diligence in protecting data. Investing in security tools helps to maintain this compliance and avoids potential penalties and legal issues.

While insurance can provide financial protection after a breach, it should be considered as part of a comprehensive strategy rather than a standalone solution. By investing in security tools properly your business can proactively address risks, preventing them from becoming incidents.