Subscribe to our Newsletter!
By subscribing to our newsletter, you agree with our privacy terms
Home > Cybersecurity > Insurers have seen the costs of cyber attacks almost double
August 26, 2022
One way to assess the advance of cyberthreats is to look at a business sector seemingly far removed from this universe-the insurance industry. Although cyber insurance has been offered for 20 years, it has only recently received more attention because of one not-so-pleasant aspect-changes in premium rates and access to coverage.
Large-scale attacks, and their consequent catastrophic losses both financial and operational, are prompting insurers to take steps to limit their levels of risk exposure.
According to a report by the US Government Accountability Office (GAO), more insurance customers are taking out threat coverage – from 26% in 2016 to 47% in 2020. At the same time, insurers in that country have seen the costs of cyber attacks almost double between 2016 and 2019, and as a result, insurance premiums have also increased significantly.
Other important trends in cyber insurance relate to lower coverage limits in high-risk sectors and higher premium amounts. The costs of any class of insurance, including cyber insurance, are based on criteria such as frequency, severity, potential loss and uncertainty about future threats.
GAO reported, industry sources said the higher prices coincided with increased demand and higher losses caused by more frequent and severe cyber attacks. In a recent survey of brokers, more than half of the respondents’ clients saw prices rising between 10% and 30% by the end of 2020.
Regarding coverage limits, industry representatives told the GAO that the growing number of cyber attacks has led insurers to be imposing tighter restrictions for some sectors, such as healthcare and education.
According to the report, both insurers and clients face challenges. For example, developing cyber insurance products can be a daunting task given insurers’ poor access to historical data on losses caused by cyber attacks. For customers, meanwhile, knowing what will be covered by insurance may be unclear because terms such as cyberterrorism do not have a standardised definition.
Insurers are increasingly developing specific policies for cyber risks, rather than considering them in other coverage. This trend may be reflecting demand for more clarity on coverage and limits for cyber incidents. To some extent, for policyholders, these changes may translate into fewer coverage options, stricter criteria and more exclusions.
A study conducted by BlackBerry e Corvus surveyed 450 IT and cybersecurity decision makers at companies in the US and Canada and revealed alarming gaps in insurance coverage.
One of the biggest concerns is related to ransomware. The survey revealed that only 19% of companies surveyed have coverage for ransomware cases above the average value of ransomware requests ($600,000). Among small and medium-sized businesses, only 14% have a coverage threshold above that amount.
There are still other, more alarming gaps in cyberinsurance. More than a third (37%) of respondents are not covered for ransom demands in the event of an attack, and 43% are not covered for associated costs, such as legal fees or losses caused by downtime.
Representatives from insurance brokers offered by Allianz, Lloyd’s of London, Swiss Re and others have pointed out to The Record website some of the most prevalent cyber threat trends among both large and small and medium-sized customers.
November 25, 2022
November 14, 2022
November 03, 2022
October 18, 2022
October 13, 2022
October 05, 2022
September 19, 2022
Previous
Your backlog of vulnerabilities could be in the thousands
Next
Bug identified in Elon Musk's Starlink satellites
