The industry for insurance is facing increased scrutiny as premiums soar and policy terms become more complex. The cyber insurance market is particularly volatile due to a record-breaking number of cyberattacks in 2023. The market is struggling to respond to catastrophic cyberattacks that could result in billions of dollars in losses. It is clear that the cyber insurance industry needs to evolve to deliver better value and become easier to acquire.
One area that requires change is the underwriting process. Many customers are concerned about sharp premium increases, non-renewal threats, and stories of claims being denied due to policy exclusions. On the other hand, insurers are worried that policyholders are not taking adequate steps to prevent cyber attacks. As a result, the underwriting process has become more detailed, leading to delays for policyholders. Meanwhile, insurers continue to adjust contract terms and policy exclusions, resulting in volatile premiums.
In response to these challenges, carriers and policyholders should focus on reducing risk through enhanced risk analysis, fair pricing, and favorable policy terms. Furthermore, the process of gathering information for cybersecurity insurance underwriting needs updating. Policyholders should electronically share data regarding their cybersecurity posture to provide insurers with a more accurate and real-time snapshot of their environment.
Amazon Web Services (AWS) is leading the way in addressing these concerns by developing a program to streamline the underwriting process through electronic data sharing. This is a positive step in modernizing the industry, but more needs to be done to address the challenges faced by the cyber insurance market as a whole.
One particularly pressing question is the risk of a catastrophic cyber event. If such an event were to occur, the federal government might need to step in to cover much of the losses, similar to programs in place for natural disasters such as hurricanes or floods. Government agencies are already considering a federal backstop program to address this risk and meet the demands of a large-scale cyberattack.
Efforts are also underway from the White House, the Cybersecurity and Infrastructure Security Agency (CISA), and the Securities and Exchange Commission (SEC) to prioritize national cybersecurity, improve incident disclosures, and enhance security posture. These policies collectively are moving the industry in the right direction, but the industry and regulators must continue to stay ahead of bad actors to prevent catastrophic cyber events from occurring.
Overall, the cyber insurance industry needs to undergo significant changes to address the challenges of skyrocketing premiums and complicated policy terms. By modernizing the underwriting process, sharing electronic data, and considering potential federal assistance, the industry can work to ensure that it is adequately prepared for possible catastrophic cyberattacks.