3 Key Takeaways About the State of Cyber Liability Insurance
- Cyber risk insurance has turned into a hard market because of its focus on controls, reduced capacity, reduced bandwidth, and ransomware claims with a 12-fold increase in ransomware demand amounts (according to the NetDiligence 2021 Annual Cyber Claims Study).
- Clients and underwriters alike are challenged with new demands and risk not being able to get adequate coverage in place.
- New technology is playing an important role in placing cyber insurance and exposing risk.
These takeaways, along with the claims information from NetDilgence’s 2021 Annual Cyber Claim Study, provide keen insights into the state of cyber security and coverage. Watch the video for the full discussion with Mark and Brian; or read on for some of the highlights.
In 2021, more than 46% of companies are opting to obtain cyber insurance coverage, but they may be surprised at what they discover.
Many of them are finding their coverage has lower limits. Or they’re finding their premiums have skyrocketed because loss ratios for standalone cyber insurance have risen to 73%. Or, worse yet, companies are finding they can’t get a policy at all.
Companies worried about their cyber security and risk mitigation must understand these and other cyber insurance trends in 2021. After a recent meeting at NetDiligence’s 2021 Cyber Risk Summit, NetDiligence President Mark Greisiger and ProWriters Insurance President Brian Thornton got together to discuss the current cyber liability insurance environment.
MG: Brian, for our first question right out of the gate: How would you describe the state of the cyber risk marketplace today?
BT: It’s a tough time in the market.
A year ago, some other lines moved into a hard market, and cyber was tightening up or firming up. But this year, in the summer, it really moved from a hardening to a hard market. That created some significant challenges for everybody. Risks that people were aggressively going after in June were off the table. You saw a bunch of noteworthy ransomware events, and I think it caused markets to pause to reevaluate their appetite. It pushed everything into overdrive. We started seeing a tightening or a reduction in capacity from some markets, and that’s been accelerated.
Now small, medium, and large companies are all facing similar issues because of all the ransomware claims. Obviously, loss ratios have gone up, so it’s forced carriers to start asking a lot more questions of them. The carriers are going to get more granular on a lot of the controls. If you don’t have some of these controls in place, you may be uninsurable.
The speed at which all this has changed has created some significant challenges for clients that haven’t been able to move as quickly, so the market is doing them a disservice. It’s not everyone holistically coming to some standard agreements on basic controls that are necessary. Risks were kind of caught behind the eight ball, so to speak, and that they don’t have certain things in place, so those were big challenges. Things like MFA (multi-factor authentication) for remote access to your network weren’t necessarily asked for in the past, but now even the smallest risk carriers are asking for it. If you don’t have it, you may not be able to get insurance.
MG: Talking about controls, if there are more controls, does it take longer to process and underwrite coverage?
BT: Yes. If you think about it, underwriters and brokers had huge books of business, of which 80% would be on autopilot for renewal. Nothing changed; we didn’t expect major changes. Now brokers’ and underwriters’ desks are full, redoing all of their underwriting. Clients and retailers all complain they can’t get a timely response.
MG: I’m hearing some markets are declining a significant percentage of renewals. And I recently spoke to one broker whose client’s $20,000 premium went up to $200,000.
BT: It’s amazing. You’re seeing clients say, “Well, wait a minute, they aggressively wrote my coverage last year and were below our previous carrier, and this year they’re non-renewing me!”
The cyber liability insurance underwriters are getting calls from on high about updated required controls for endpoint protection from certain vendors or pre-approved vendors. And now they’ve got to have MFA at multiple levels. They’ve got to have segregated backups. It’s a lot more work digging into these controls and educating the market as to why they’re necessary.
And the underwriters have a lot less flexibility when it comes to answering application questions. It’s not the old-fashioned underwriting that was a little more art than science, and they could adjust their terms. Today, that doesn’t make for a loss ratio that’s sustainable.
Another change when it’s time to renew is that clients see cyber insurance go from a smaller percentage in the price of their overall portfolio (including their G&L, D&O, and property coverages) to a larger one because of the risk it represents.
MG: You know, I think we’re going to look back in a couple of years and say we’re looking at endpoint protection now as a baseline standard of care and control. It’s going to be looked at the way antivirus has been looked at for 10 years—how could you not have had that, or a cloud backup? It costs $12 a computer and a couple of dollars to install. It’s a no-brainer. But I think there’s pain in the beginning because the client’s seeing these things right upon renewal. They’re trying to get their ducks in a row, and it’s overwhelming and chaotic.
BT: The other thing to remember is everyone is going through a learning curve right now on all sides of the process. The clients, the agents, the brokers, the MGAs (managing general agents), the underwriters—we didn’t know what we didn’t know. But as we learn it, we’ll get faster and do a better job of protecting risk and loss ratios.
Something we haven’t touched on yet is the role of technology in all of this.
MG: Yes. Let’s talk a little bit about the role technology is playing in the cyber insurance space today.
BT: It’s really fascinating. You and I are in a unique position insuring cyber risk and looking at the defenses, but then also, as an industry, utilizing technology.
With the advent of the InsureTechs, you’ve seen a lot of scanning technology outside in-looking. It’s been interesting to see the standard application process of an underwriter reviewing a PDF moving to integrated scanning as part of the underwriting process, with automation all around that allows carriers and or MGAs to write a risk in a much faster fashion. It’s potentially more accurate. They can catch certain things in an application that has an embedded scan as part of it, like open ports that might be a way ransomware gets in.
MG: That’s important. Because when ransomware gets in, the next thing clients have to worry about isn’t just the ransom demand but the interruption to their business. Our Annual Cyber Claims Study found ransomware incidents accounted for 79% of the claims with a business interruption loss.
BT: Right. And these are risks they wouldn’t have seen before, and they would have written the coverage somewhat blindly. But now they can decline or refer the account elsewhere because of what the scanning technology reveals.
Scanning can help with out-of-date software, too. The brokers can use scanning reports to go back to the client and tell them things they need to fix. It can also expose issues or holes with third-party partnerships where they may have some automated processes that normally wouldn’t have come under scrutiny but now could be a vulnerability. Plus, automation can also save time and reduce errors because there’s not a lot of rekeying information or data entry.
All this information allows brokers to service clients better. And it’s all part of the critical controls needed to mitigate risks and help clients get the coverage they need at a reasonable price point. It makes a more user-friendly market for the end clients.
Watch Mark and Brian’s full discussion about the top three cyber insurance trends of 2021. As the president of ProWriters, which specializes in streamlined underwriting for agents, brokers, and their clients, Brian has unique insights into the state of the market that he shares in the video. If you have any questions about insurance trends or coverage for Brian, reach him here. Mark Greisiger can be reached at NetDiligence.
To learn more about ProWriters Insurance, visit ProWritersIns.com.
To learn more about NetDiligence, visit NetDiligence.com/solutions.
For additional reading on the trends of the current cyber risk market Mark and Brian mention in their discussion, don’t forget to download our 2021 Annual Cyber Claims Study.