Cyber insurance: clouds on the horizon
Recent years have presented businesses across the globe with large, rapid changes in the previously stable cyber insurance market. What’s driving this market turbulence, and how can businesses stay better prepared for challenges to both their budgets and technology?
Let’s start with a look at the evolution of cyber coverage and the trajectory of the market. One of the youngest essential coverages, cyber insurance got its start in the late 1990s as businesses began digitizing their operations. In response to digitization and online operations, the nascent cybercrime industry grew as well — and businesses began seeking more protection from these evolving threats.
Between 2009 and 2014, the demand for cyber insurance increased as cyberattacks grew more sophisticated and frequent. While cyber insurance provided essential protections to clients’ reputations and business operations, the cost for these coverages remained relatively stable. In the past two years, however, clouds appeared on the horizon, as a global trend of heightened volatility has affected insurers and, in turn, triggered rate increases worldwide.
More options within a challenging market
Today, we’ve seen a substantial slowing of those rate increases as compared to 2022. Primary and low-excess rates still show some single-digit increases, but are otherwise fairly stable. Despite this stabilization, businesses still must weather broad trends toward higher rates and less favorable terms and conditions (T&Cs).
The outlier in this upward trend is excess. Thanks to a flood of new entrants into the cyber insurance market, excess rates not only have stabilized, but are in fact showing rate decreases in some cases.
It’s an interesting evolution. What began as a soft market with low prices and broad T&Cs evolved quickly to increasing premiums and tighter T&Cs, and now has mostly leveled off but continues to present a hard market.
With all that is in play today, we believe the next several years will continue to bring dramatic market changes.
High stakes: the growing threat of cyberattacks
IT security vendors have sounded the alarm about a worrying trend: the number of ransomware attacks last year surpassed those of 2022. We’ve seen nothing to suggest 2024 will see a radical reduction in these online threats.
In addition, cybercriminals have shifted their focus. Rather than encrypting all company data and extorting funds for its release, bad actors have refocused their tactics to stealing sensitive information and threatening to publish it online.
As cybercrime — ransomware attacks in particular — evolves and escalates, the stakes are higher than ever for businesses and insurers. Because the threat shows little sign of abatement, we must remain vigilant, adjust our own tactics, and face these challenges head on, with foresight and clarity.
How businesses can weather the cyber market
1. Adapt and stay agile
What does it mean to face these challenges? One key factor is adaptability. Insurers and businesses alike can better navigate the current market by remaining responsive and agile.
Cybercriminals will continue to exploit weaknesses — both in our technology and in our behaviors — and new threats will continue to emerge. Because a cyberattack is no longer a matter of “if” but of “when,” we will continue to assess and adjust our own strategies frequently.
2. Invest in security.
Our absolute best advice to clients is to invest in secure IT systems and cybersecurity, ensuring the systems they have in place today continue to mature in response to new threats.
Knowledge is power, so we believe strongly in helping to raise awareness with our clients. Businesses should stay informed about current cyber threats, what they can do to minimize the likelihood of an attack, and how partnering with an experienced insurer can help. Our in-house risk engineering team can even assess and advise clients on potential security measures.
3. Prepare for the future.
No business is an impenetrable fortress, and despite all reasonable security measures there will still be digital vulnerabilities. Acknowledging this reality is a vital step toward better protection. A business can stay better prepared against cyberattacks by conducting thorough risk assessments — not just once, but on a regular basis. As the future brings new online threats, insurers and their clients must be able to identify their own weaknesses — from encryption to data security. If they don’t, cybercriminals surely will.
Stability and experience: secrets to survival
With the broad range of particulars affecting businesses today, it’s clear a one-size-fits-all approach to cyber insurance won’t work. Our clients have different priorities and challenges, and appreciate a tailored approach in response.
From business interruption to legal costs related to a data breach, threats vary — and insurance products that are built to meet specific cyber challenges can provide better protection as well as a more stable, sustainable marketplace.
This is where experience comes into play. In an ever-changing marketplace, businesses should seek out an experienced, stable insurer with an established commitment to cyber insurance. That proven track record will help the insurer and its clients to weather market fluctuations, while that historical knowledge will allow the insurer to distinguish between market noise and true volatility.
To learn more about how Liberty stays focused on the horizon of cyber protection, visit our cyber liability site.
Featured insights
This website is general in nature, and is provided as a courtesy to you. Information is accurate to the best of Liberty Mutual’s knowledge, but companies and individuals should not rely on it to prevent and mitigate all risks as an explanation of coverage or benefits under an insurance policy. Consult your professional advisor regarding your particular facts and circumstance. By citing external authorities or linking to other websites, Liberty Mutual is not endorsing them.