What are some current cyber insurance trends to note?
The conversation is all about ransomware. That’s what is driving the marketplace and while it has been around for a long time, the frequency has increased in the last two to three years. Because of that, we are in a hard market for cyber insurance, where there is a limited capacity and higher premiums.
The market accelerated for cyber insurance in 2010, when there were several data breaches in the retail and healthcare sectors. Carriers pivoted into the space then and there was a lot of capacity available from around 2015 onward because of the competition, premiums were competitive but there was no real focus on risk quality.
The frequency and severity were accelerating before the COVID-19 pandemic but the work from home environment has made an impact. Phishing attacks compromise the network and more than 25% of claims are related to remote access being compromised. The work-from-home environment has accelerated the exploitation of the vulnerable because of that remote access.
Does digital transformation play a role?
Digitization has been happening for the last 20 years and data breaches weren’t necessarily impacted by that except in healthcare. It really depends on the industry sector.
For manufacturing, there isn’t a lot of sensitive information, and so prior to the most recent past manufactures weren’t a targeted sector because there was minimal information risk but because of trends they’ve been hit hard and we’ve tried to bring in more security there.
What are the most interesting findings from the “Ransomware trends: Risks and Resilience” by Allianz Global Corporate & Specialty?
One of the areas of focus has been the maturation or maturing of the ecosystem of gangs. Ransomware as a service is getting much more to the point of a subscription service that is available for $40 a month. Bad actors can use this service, get access and deploy ransomware attacks and get paid. The rise of this should be focused on because it is a service and it will impact companies that don’t have basic cyber hygiene in place.
There is a need to understand and provide better cyber security.
Looking ahead, what should insurers be aware of?
We are optimistic about ransomware trends. We expect it to show up in data in the next couple of years that we have taken steps to secure and address ransomware. There will be improvements.
Another area of focus includes privacy and technology development that can impact privacy and security like artificial intelligence. There has been a lot of regulator focus on this and there is a growing marketplace. One of the key challenges for us is understanding the limitation and the new exposure it introduces to clients and how we can underwrite it.
Privacy and new regulations are introducing the idea of privacy rights.
Also, AI is going mainstream and being adopted by companies–this will impact how we look at privacy and security in the future.
