February 17, 2023 10:07 AM . Supply Chain Security: This is the management of potential risks in the entire supply chain, including external suppliers, logistics and technology. Subscribe. As 2023 begins, businesses must anticipate and prepare for evolving cybersecurity trends and threats. But perhaps the most impactful change in the market is one thathigh-risk industries such as constructionhave long-been warned about: with cyber insurance no longer seen as a mere risk-mitigation tool, it falls to businesses to reduce cyber risk internally before applying for cyber insurance (see Biggest Cyber Unicorn Startups). Businesses will similarly feel the benefits of MSSPs involvement in the process of seeking cyber insurance, as they will have a reason to work harder to improve their overall cyber resilience, and do so against clear benchmarks. However, trends at the end of 2022 suggest that there . At the same time, cyber-insurance policy providers are indicating that current approaches won't be sustainable forever. Munich Res current Global Cyber Risk and Insurance Study shows that the proportion of decision-makers who are seriously worried about potential cyber-attacks on their companies has increased significantly to 38%, compared with the previous years figure of 30%. This was a trend also observed by Munich Re in the past year. When it comes to considering how much coverage to obtain, firms should work closely with their brokers to assess their risk appetite while paying close attention to the amount of sensitive information they house. The increase in the number and severity of cyber attacks in 2020 and 2021 has triggered significant changes to the cyber insurance marketplace. 12. Our approach in cyber insurance is unchanged: disciplined in underwriting and stringent in risk management. Certain classes exceeding 400%. The problem is thats not always the case, such as ransomware-as-a-service which are more indiscriminate attacks, he said. The following is the first blog post in a multi-part series on cybersecurity insurance produced by ACA Aponixs Thought Leadership Team. Demand for cyber insurance is currently growing more steadily than the capacity on offer. Premium trends Primary. As providers continue to look to shore up their risk and avoid major losses, retention policies may become a clause they increasingly lean on to distribute the risk. 6. Please enable scripts and reload this page. This coverage protects against liability for breaches involving sensitive customer information, such as SSNs, credit card details and health records. Carrier applications are getting more difficult, and underwriters want to see proof of cybersecurity protocols, such as multifactor authentication, mandatory employee cyber training and consequences for those employees that do not meet company cybersecurity requirements. At the same time, the cyber insurance market is one of the fastest growing segments in the insurance industryand that isn't expected to change anytime soon. By engaging early in the planning and application process, firms will be able to better identify existing gaps in their security and work to remedy them to increase their chances of securing a policy with more attractive rates and coverage. Requiring multi-factor authentications (MFA) for remote access to networks is the big thing that the insurance industry got in lockstep with over the last few years. Some criminal perpetrators also cooperate with state actors. Insurers will be focusing even more strongly on the targeted analysis and use of data. Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. On the insurance side, they will invest more in tools for underwriting cyber risk, portfolio management and high-end cybersecurity risk mitigation services to their insureds. Three cybersecurity trends with large-scale implications. The definition of insurability is key for the sustainability of the market, particularly as regards systemic risks and the extent to which these can be insured. Realize that businesses need cybersecurity insurance like humans need water. A Key Benefits of Innovation & Applied AI Technologies? [M] Munich Re / [P] Stanislaw Pytel / Getty Images. Specifically, if firms are determined to be of high risk, insurers are less likely to offer them a higher coverage limit or coverage altogether. The cyber-attack was discovered in time, so the population of the town of Oldsmar, near Tampa, was ultimately not in danger. Sign up today for ACA news, alerts, and events. beyond pure risk transfer) better explained to potential insureds. Cyber insurance pricing in the US increased an average of 96%, year-over-year (see Figure 1), in the third quarter of 2021 as organizations faced a daily onslaught of cyberattacks. How Technology-First Insurers Solves Data Problems? Cyber insurance is basically . An adequate level of cybersecurity increases insureds resilience and, at the same time, is a prerequisite for access to the insurance market. By contrast, a standard business impact assessment can set a business back many thousands of pounds, putting them out of pocket before they can get any true value for their money. In 2021 alone, the Conti group of hackers the most lucrative service provider extorted or earned at least US$ 180m from victims (Chainalysis). The European Union Agency for Cybersecurity (ENISA) recognised and analysed the increased risk from cyber-attacks on or via supply chains in its Threat Landscape for Supply Chain Attacks report. Now, three quarters into 2022, the market is clearly showing signs of improvement: New capacity and insurers continue to enter the market. The risk situation remains extremely dynamic. With October internationally recognised as Cyber Security Awareness Month*, it's a good time to explore some of the key trends in the cyber insurance world. For insurers, a single attack can trigger losses with a great many insureds. In Munich Res opinion, 2021 was not an exceptional year from a cyber perspective. On the one hand, UK businesses face a plethora of pressures from rising cyber insurance premiums - an increase of 66% year-on-year by 2022 Q3 - and shrinking coverage (see about Global Cyber Market ). Awareness of the danger is a good thing, but thanks to claims volatility, it isn't as easy as it used to be to secure cyber insurance. Munich Re is one of the market and opinion leaders in the cyber insurance sector. The cyber insurance market is hardening and becoming more mature as years pass and the market shifts and accommodates to new trends and data points. You may be trying to access this site from a secured browser on the server. This is also evident from Munich Res global Cyber Risk and Insurance Survey 2022. However, as we reported last year, the cyber insurance . Available to download is a free sample file of the Cybersecurity Insurance report . Only then can they protect themselves through targeted risk management. This is the nature of their relationship but it is not an exclusive one, since they usually dont work alone. 10. /etc/designs/munichre/mrwebsites/topics-online/current/css/fix.aem-editor.css, Munich Re: Global Cyber Risk and Insurance Survey 2022, Cybersecurity Ventures: Global Cybersecurity Spending To Exceed $1.75 Trillion From 2021-2025, European Council / Council of the European Union: Cybersecurity: how the EU tackles cyber threats, Bundesamt fr Sicherheit in der Informationstechnik (BSI) Lagebericht 2021: Bedrohungslage angespannt bis kritisch, Cybersecurity & Infrastructure Security Agency: 2021 Trends Show Increased Globalized Threat of Ransomware, Tenable: 2021 Threat Landscape Retrospective, Lloyd's Market Association: Cyber War and Cyber Operation Exclusion Clauses, European Union Agency for Cybersecurity (enisa): Threat landscape for supply chain attacks. Trend No. Carriers have basically raised the bar for entry for cyber insurance, increasing the information security requirements for organizations to qualify. The major factors driving the market include the increasing number of sophisticated cyber-attacks amplifying the fear of financial losses . When attacks strike, insurers call on IR experts to verify whether the client legitimately had all the protective measures in place they said they did when applying for coverage. In collaboration with various industry participants and in consultation with Munich Re, the Lloyds Market Association (LMA) has published four standard clauses to exclude cyber war from coverage. Organizations in and outside of Ukraine have faced various cyber threats, including large-scale DDoS attacks, heightened malware activity, targeted phishing campaigns, disinformation operations and attacks on cyber-physical systems. To continue playing a leading role in shaping the market, Munich Re is pursuing a learning strategy and continuing to invest in dedicated cyber teams and expertise. In September 2021, Marsh reported 23% of its clients experienced either a voluntary or involuntary decline in coverage. For Robinson, the jurys still out on whether banning ransomware payments can decrease the frequency of attacks. First-party cyber coverage protects your data, including employee and customer information. Flock raises $38 millon for insurance that enables quantifiably safer motor fleets, CyberSmart Raises 13M to Expand Cybersecurity Solutions, Altai Ventures launches $53mn fund to invest in insurtechs. Join 300,000 other insurance professionals today. Cybersecurity, Technology Risk, and Privacy, Mutual Funds, ETFs, and Other Investment Companies, Private Equity Sponsors and Portfolio Companies, take the 2022 Aponix Cyber Insurance survey here, The National Association of Insurance Commissioners, stop covering ransomware payments in France, Business Continuity Planning, Cyber Incident Response Planning, and Business Impact Analysis, Payment and Fraud Risk Assessment Services, Penetration Testing and Vulnerability Assessments, Newly Discovered Phishing Campaigns Evade Anti-Malware Systems. Recovery and replacement of lost or stolen data. This development affects a multitude of sectors, including the insurance sphere. For example, Hiscox, a leading cyber carrier, showed $1.8 billion in cyber losses in 2019, which was up 50% from the prior year. Between 2016 and 2019, the costs of cyberattacks to U.S. insurers almost doubled. Insurers offer protection and thereby support the productivity and capabilities of insureds. Amid changes in the threat landscape, bans on ransomware payments and other cyber-related laws could crop up across the US. Key practices include regularly changing passwords, configuring firewalls, encrypting data and backing up data. Big Data security solutions must offer real-time analysis and monitoring and be designed to avoid performance degradation, which leads to delays in data processing. While brokers and their clients should acknowledge that a lot of hard work has been done, cyber security is an evolving process. Title Insurance Industry outlook switched to negative, Insurtech Lemonade shared Q4 2022 results: premium reached $625 mn, a 64% increase, Insurtech Rootshared Q4 2022 results: written premium a ~23% decrease to $122 mn, Malaysias Insurtech PolicyStreet received license for operate in Australia, Insurtech Kanguro launches pet insurance in Florida, Insurtech Kita secured 4mn led by Octopus Ventures to combating climate change, UNIQA Insurance Group improved 2022 consolidated earnings to EUR 425 mn. Also, if they are not protecting company assets, executives and owners will also face increased litigation. Organizations are improving their cyber hygiene. Cybersecurity must be integrated into software, system design, coding and implementation. Here are the top 20 cybersecurity trends to keep an eye on: 1. Some insurers charge as little as $10 a month for $25,000 worth of coverage. Ransomware: A malicious software that encrypts files and demands ransom for their decryption, ransomware attacks pose a significant threat in 2023. Not only are there direct costs involved in responding to a cyber attack, but likewise there are indirect costs including disruptions to business operations and reputational losses. We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. This cookie is set by GDPR Cookie Consent plugin. The objective of this series is to provide clients with the highest quality insights and expertise on the changing and evolving cyber insurance marketplace. Ransomware and cyber-attacks on both supply chains and critical infrastructures pose a greater threat than ever to companies and society. Enhanced scrutiny by insurers and rising premiums are impacting the amount of coverage available to firms. And while attacks on large organizations like the Colonial Pipeline have captured the headlines, in fact 50% to 70% have targeted small and medium-sized companies, underscoring the wide reaching implications of this threat. The general consensus among experts appears to be that criminals and state-motivated actors will continue to exploit the potential of these attack vectors and the criticality of supply chains. However, to attain coverage, businesses need to demonstrate good cyber health credentials in the first place creating a vicious cycle where neither goal can be reached without achieving the other.