Elements of an effective cyber insurance market and analysis of cyber risk insurance data and trends
The Property-Casualty Insurance Association of America (APCIA), in collaboration with CyberAcuView, has released a comprehensive cyber insurance market data and trends study that addresses new challenges, changes in underwriting practices and the ongoing evolution of cyber insurance in the technology landscape.
The Elements of an Effective Cyber Insurance Market report highlights that cyber risks are an ever-evolving threat, emphasizing the importance of an effective market for cyber insurance products to meet consumer demand. Shelby Schonze, director of cyber consulting at APCIA, said that because the cyber insurance market is still developing, it needs time to mature and sustain its growth, Beinsure Media writes.
The report found that the cyber insurance market is leveraging access to data, more efficient underwriting processes, capital market investments, working with law enforcement and relevant security agencies to combat cybercrime, and initiatives to address systemic risks to benefit both policyholders and society
It was also emphasized that an efficient cyber insurance market develops due to consistency and an appropriate level of regulatory flexibility that does not burden insurers in adapting to changing consumer needs, expectations and risks.
With this in mind, insurance regulation should promote informed consumer choice, provide oversight of solvency and stop fraud in the marketplace, the report said. Efficiency and market competition should also empower consumers by offering insurance coverage options.
Insurers are looking for new opportunities to expand the cyber insurance market. Slowing price growth and stronger cybersecurity protections for companies will help expand the cyber insurance market.
According to S&P Global, modest increases in cyber insurance prices could open the way for new buyers to enter the cyber market and make life easier for existing customers. The stabilization of cyber insurance prices in the second half of 2022 and the first half of 2023 led to improved conditions for insurers and policyholders renewing their cyber coverage. However, the cyber market has great aspirations for growth, which can only be achieved if new buyers appear.
For existing customers, the rate hikes and coverage limits that insurers imposed when the tight market was in full swing were not a problem for customers who continued to see the value in coverage.
The demand for cyber insurance is constantly growing and is expected to double annually every year, and ransomware attacks are currently one of the most common cyber threats.
While insurance, particularly ransomware insurance coverage, can increase the resilience of companies, it cannot eliminate the criminal behavior that perpetuates ransomware problems. Consumers need to be more vigilant about cyber risks and their impact on individual companies and their partners.
“To ensure the appropriate development of affordable insurance solutions to manage emerging cyber risks, the market must be allowed to develop. Experience, innovation and collaboration will show how far the private sector can go in the cyber market for the benefit of all stakeholders,” Schonze said.
Cyber insurance prices will only decrease for companies that have made efforts to protect themselves from ransomware and other cyber threats. “The good news is that this correction in cyber protection rates has happened now and we are seeing premiums come down,” Marsh analysts said.
In 2021, the insurance industry was hit by a ransomware epidemic, which caused insurance premiums to rise significantly. The cost of cyber insurance has more than doubled. Insurers quickly realized that they were misjudging the risk itself, and this was evident in their loss ratios.
Although premiums are on the decline in 2023 – a recent report from broker Howden said they were down 10% year-on-year – the correction has cyber insurers wary.
The biggest threat to businesses is ransomware, which occurs when criminal groups, often based in Russia and Eastern Europe but capable of striking around the world, cut off a company’s access to its data and the criminals demand it back. However, hacker tactics have changed.