Cyberattacks, including ransomware, have soared over the past year, contributing to an increasingly difficult cyber insurance market characterized by climbing rates, reduced insurer appetite, tighter underwriting, and an increased focus on systemic risks.
Cyber insurance pricing increased during the third quarter of 2021, following multiple quarters of upward movement. Total programs experienced average rate increases of 101%, while rates on primary programs went up by an average of 97%. The current challenging market is expected to continue for the near future. Organizations will be well served to both shore up their defenses and to secure suitable cyber coverage.
Increased claims frequency and severity, higher losses, and deteriorating profitability are putting pressure on cyber carriers. Insurers are increasing scrutiny on all accounts, including loss-free ones with good controls, and raising rates and retentions. In addition to asking more questions at renewal, carriers are using third-party tools to analyze insureds’ level of risk.
While coverage remains available, some insurers are scaling back ransomware-related coverage, sometimes withdrawing it completely for clients with poor controls. This comes as downtime following a ransomware event and data exfiltration are increasing significantly year-on-year.
Pricing pressures are forcing companies to make challenging decisions as they review their risk transfer budget. In September 2021, 23% of Marsh clients reduced their cyber limits. However, 7% increased their limits, underscoring that cyber risk is growing, poses a significant threat to all organizations, and that, despite pricing increases, cyber insurance remains an economically viable solution.
Ahead of renewals, clients are advised to carry out a thorough self-assessment to identify vulnerabilities and take the needed steps to protect their organization.
With insurers being more diligent in determining which risks they will take, cyber hygiene controls are becoming the new minimal standard for companies to secure coverage. Implementing these controls will also help organizations become safer and stronger.
Insureds should prepare for increased scrutiny and more questions from cyber carriers, and approach renewal meetings with data to back up their narrative. It is important to consider potential changes in your program, including alternative terms and conditions, to minimize increases and maximize coverage.
It is critical to understand that no extent of mitigation measures will completely eliminate cyber risk, requiring organizations to adopt robust strategies that include effective risk transfer solutions.
For more information on the state of the US cyber insurance market, the actions that you can take ahead of cyber insurance renewals, and what’s next, watch the replay of our recent cyber webcast.