With attacks on the upswing, cyber-insurance premiums poised to rise

An increase in cyber-insurance claims in 2023, driven by a more active threat landscape, will likely mean that last year’s price plateau in cyber-insurance premium costs will be short-lived, according to industry experts.

While premium costs fell by 6% in the third quarter of 2023 compared with the same quarter in 2022, ransomware- and privacy-related claims had already skyrocketed from the previous year, according to risk management consultancy Marsh. While it’s unclear which direction insurance premiums will take in the next year, companies should expect cyber-insurance costs to rise in the next 12 to 24 months, says Roman Itskovich, chief risk officer and co-founder of At-Bay, a cyber-insurance and security startup.

“We’ve seen declines and average price to stabilize over the last couple of quarters,” he says. “So at the very least, I think that pricing is going to stay stable. I think that over the next two years prices are going to increase. I just don’t know when. I don’t think anyone knows that.”

The cost of cyber-insurance premiums typically lags changes in the threat landscape. In 2020 and 2021, for example, ransomware and other disruptive attacks surged, leading to significant costs for the insurance industry. On average, the industry saw its direct loss plus defense-and-cost containment (DCC) ratio — a measure of the costs of a portfolio of policies compared to its revenue — surge to 73% in 2020 and 68% in 2021, before dropping last year to 43%, according to data from FitchRatings.

The annual increase in cyber-insurance premiums has declined in recent quarters, after a massive spike in late 2021 and early 2022. Source: Marsh

When attacks surged, soon so did premium fees, more than doubling year-over-year by the fourth quarter of 2021, according to data from Marsh. Throughout 2022 and 2023, however, rate increases slowed and actually declined in second and third quarters of 2023, according to the latest quarterly Global Insurance Market Index report.

“Improvements in cybersecurity controls have led to a higher proportion of insureds not paying ransoms, [even though] they may still incur breach response expenses and business income losses to which cyber policies respond,” Marsh stated in the report.

Pandemic, Ransomware Chaos Subsiding

In many ways, the chaotic cyber-insurance market originated with the coronavirus pandemic. Following an increase in cyberattacks during the pandemic, cyber-insurance claims surged, leading to a dramatic increase in pricing. While insurance companies are always on the lookout for systemic risks that could derail their markets, they failed to predict the pandemic and companies’ shift to remote work and the cloud. That led, in turn, to an attractive opportunity for cyberattackers, says Alla Valente, a senior analyst with Forrester Research.

Those changes “broke” the cyber-insurance market, she says.

To read the complete article, visit Dark Reading.