Newfront Market Report: Cyber Insurance

Since the beginning of the COVID-19 pandemic, the cyber insurance market has hardened considerably, with major changes to capacity and premiums in the first half of 2021. The CIAB Q1 Market Survey reported premium increases of 18%, but because the market is changing so quickly and the frequency and severity of cyber claims continues to surge, we’re now seeing increases closer to 50-100% in most cases.

Cyber insurance professionals point to ransomware attacks as the driving force behind the hardening market. These attacks, which are a form of malware that locks and encrypts a victim company’s data and then demands ransom in exchange for access, often target managed security service providers (MSSPs) and their hundreds, if not thousands, of IT clients at once. This tactic allows hackers to drastically increase their extortion demands, with some claims reaching into the millions of dollars, and is responsible for the largest cyber losses of 2020.

Insurers also point to an increasing remote workforce as a cause of increased cyber claims. Less-secure remote working environments, like home offices, allow hackers to conduct cyber-attacks such as phishing schemes more easily. We highlighted this growing risk in early 2020, and with many corporate workforces remaining largely remote well into 2021, and possibly forever, mitigating the damage from these attacks will continue to be a large component of any organization’s post-COVID risk management strategy.

What can you do to prepare for a changing market?

Reevaluate your cyber policy and incident response plans now. While many insurers are reporting reduced capacity for cyber lines such as ransomware, there are many coverage solutions that could apply.

1. Risk and governance come from the top. Your Board of Directors and senior management should understand technology being deployed and arrangements being made to combat the threats. Management needs to make clear that security must be considered throughout new work activities.
2. Coordinate Incident response plan (IRP) with carriers. Ensure your IRP is aligned with your carrier’s approved vendors, as well as the coordination of various policies that may respond to a breach.
3. Review IT system security. Confirm with your IT department that the appropriate resources and attention are being directed to defend against risks to your organization’s cyber systems and work-from-home arrangements. New software should be tested and investigated before being trusted with confidential information.
4. Communicate with and train employees. Carefully explain how employees are expected to utilize systems in a remote environment. They should be instructed on how to access systems and be reminded of cybersecurity precautions that must be taken while working remotely, including their surroundings, phone calls, printing, and system access.
5. Implement multi-factor authentication. Implement multi-factor authentication on all remote systems to ensure access is limited to legitimate and trustworthy personnel. Remind employees of the importance of these systems and of having authentication mechanisms, including any required tokens, available and kept secure.
6. Strengthen passwords. Remind employees of the importance of keeping strong, up-to-date passwords and protecting those passwords when using their systems, especially in remote locations.
7. Warn employees about phishing. Remind employees of the importance of taking steps to avoid phishing and social engineering attempts to breach their systems. Examples should include clicking on links in unsolicited emails or revealing personal or financial information in response to emails.
8. Manage third-party vendors. Check in with key third-party service providers to ensure readiness and planning. In the event of their own increased customer demands, do vendors that you rely on have the right plans in place?
9. Review regulatory obligations. Businesses should consider regulatory obligations, including any reporting obligations that they may have. Arrangements should be made for any regulatory reporting that may be required, including testing whether there are secure remote systems for that reporting.

For more information on cyber insurance and how to prepare your organization in case of a cyber-attack, download our full Cyber Market Environment Report, or reach out to a member of the Newfront team today.