In the world of cyber insurance, the landscape has been shifting rapidly over the past few years. With the surge in ransomware attacks and claims related to specific products, such as ConnectWise’s ScreenConnect and Cisco’s Adaptive Security Appliance, insurers have been facing increasing challenges. However, recent trends suggest that premiums may be stabilizing as we move into 2024.
Corvus Insurance and Coalition are among the many cyber insurers that have reported a rise in ransomware attacks and claims in recent years. The increase in threat activity has prompted the Cybersecurity Insurance and Data Analysis Group at CISA to be relaunched in November, highlighting the seriousness of the situation.
TechTarget Editorial recently sat down with Peter Hedberg, the vice president of cyber underwriting at Corvus Insurance, to discuss insurance trends, targeted sectors, and recent attacks that may influence future underwriting practices. According to Hedberg, while attacks have been on the rise since 2023, policy requirements such as multi-factor authentication (MFA) are becoming more lenient for certain industries.
Hedberg noted that premiums are not increasing at the same rate they did in 2021 and 2022, indicating a stabilization in the market. Insurers are adjusting their underwriting processes and are changing the hygiene requirements they impose on policyholders. While the bar for cybersecurity remains high, there is a growing emphasis on MFA, zero trust network access, and better backups.
One of the key shifts in the cyber insurance market is the changing landscape of targeted sectors. While some segments are becoming more competitive due to perceived lower risk, the reality is that no industry is immune to cyber attacks. Insurers are seeing new types of claims, such as third-party biometrics, which have caught many off guard. Manufacturers using biometric data for authentication are now facing unexpected risks, highlighting the ever-evolving nature of cyber threats.
Despite the perception that there would be fewer claims in certain industries, the reality is that cyberattacks are still rampant. While ransom payments may have decreased, the costs associated with cyber incidents remain high. Insurers are grappling with the challenge of restoring businesses and mitigating the financial impact of cyber events.
When it comes to policy requirements, insurers are starting to loosen their stance on certain cybersecurity measures. Hedberg mentioned that some segments are seeing a loosening of requirements for tools like endpoint detection and response (EDR) and MFA. However, there is still a strong emphasis on maintaining robust cybersecurity practices, especially in industries that are high-value targets for threat actors.
Looking ahead, the rise of artificial intelligence (AI) poses a new challenge for insurers and underwriters. While AI has the potential to enhance cybersecurity measures, it also brings new risks and vulnerabilities. Insurers will need to adapt to the changing landscape of cyber threats and ensure that their policies remain relevant in the face of evolving technology.
Overall, the cyber insurance market is in a state of flux, with insurers and underwriters facing new challenges and opportunities. As the threat landscape continues to evolve, it will be crucial for insurers to stay ahead of the curve and adapt their policies to address the changing nature of cyber risks.