The average premium increase for cyber insurance was a stunning 34.3% in the fourth quarter of 2021, a magnitude not seen since the 9/11 terror attacks, according to the latest survey of brokerages by the Council of Insurance Agents and Brokers (CIAB).
The increase, part of an ongoing trend, reflects the growing threat posed by cyberattacks — namely, ransomware attacks and business email compromise scams — that have surged in both cost and frequency. This increase in attacks has, in turn, resulted in a rise in cyber liability claims and subsequent underwriting losses.
As we reported in our 2022 Market Report and Forecast, while more businesses are looking to purchase cyber insurance for the first time or to expand upon their existing coverage, many carriers are taking a more cautious approach.
In part, that means insurance carriers that once offered policies with limits of up to $10 million are now extending smaller layers of coverage closer to $5 million. We’re also seeing carriers decline coverage entirely for companies without a variety of cyber protections in place. Items such as endpoint detection and response, privileged access management, staff training, and others are all now key requirements from carriers.
Overall premium prices climbed further in the fourth quarter, according to the CIAB survey, marking the 17th consecutive quarter of premium increases. The average increase in premiums across all account sizes was 8.7%, down slightly from the 8.9% recorded in the third quarter.
Tips for Insurance Buyers
- Work with your insurance advisor to understand the different types of cyber coverage available and secure a policy that suits your unique needs. Carefully determine whether your organization should purchase standalone cyber liability coverage.
- Take advantage of loss control services offered by insurance carriers to help strengthen your cybersecurity measures.
- Provide remote employees with adequate resources, support and software to avoid cybersecurity concerns amid work-from-home or hybrid arrangements.
- Focus on employee training to prevent cybercrime from affecting your operations. Employees should be aware of the latest cyber threats and ways to prevent them from occurring.
- Keep organizational technology secure by utilizing a virtual private network, installing antivirus software, implementing a firewall, restricting employees’ administrative controls and encrypting all sensitive data.
- Store backups of critical data in a secure, offline location to minimize losses in the event of a ransomware attack.
- Update workplace software regularly to ensure its effectiveness. Keep employees on a strict software update schedule and consider using a patch management system to assist with updates.
- Establish an effective, documented cyber incident response plan to remain operational and minimize damages in the event of a data breach or cyberattack. Test this plan regularly by running through various scenarios with staff. Make updates to the plan as needed.
- Develop workplace policies that prioritize cybersecurity — including an internet usage policy, a remote work policy, a bring your own device policy and a data breach response policy.
- Be sure to consider potential supply chain exposures when establishing your organization’s cybersecurity policies and protocols.
The Mahoney Group is one of the largest independent commercial insurance and employee benefits brokerages in the U.S. For more information, contact us online or call 877-440-3304.
This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.