The cyber insurance sector has been tested recently with growing ransomware attacks, rising premiums, and more sophisticated threat actors, but that isn’t necessarily scaring insurers away, according to a 2022 Cyber Insurance Market Trends report from Panaseer.
“Despite the considerable pressures, our research shows it’s not enough to make insurers exit the market,” the report said, finding that even if the current rate of cyber attacks remains the same, 84 percent of respondents said they’d continue to offer cyber insurance over the next three years.
Panaseer is a continuous controls monitoring platform for enterprise security. It gathered feedback for this survey from 400 decision makers in cyber insurance, with respondents split evenly between the U.S. and U.K. The online survey was conducted by Censuswide between May 25, 2022, and June 1, 2022.
The survey found that while insurers may not be shying away from the cyber insurance market, some policyholders could be as cyber insurance pricing continues to show significant rate increases. Marsh’s Global Insurance Market Index for 2022, cited in the report, found that cyber insurance rates increased 110 percent in the U.S. for the first quarter of 2022. The majority of insurers in Panaseer’s survey said they expect cyber insurance premiums to continue rising over the next two years.
“This is leading to a growing trend for self-insuring, where organizations set money aside to cover themselves should they suffer a breach,” the report said.
This comes as ransomware is creating challenges for an already challenged industry, as attacks increased by 93 percent in 2021, according to Panaseer’s research. Its survey found the average ransomware payout over the past two years was around $3.5 million in the U.S., contributing to a 27 percent increase in the cost of ransomware claims over the same time period.
In fact, survey respondents cited the increasing sophistication of threat actors and the rising cost of ransomware attacks as the two factors that have had the most significant impact on insurance premiums.
Another factor cited by 35 percent of survey respondents as having an impact on insurance premiums is the inability to accurately understand a customer’s security posture.
“This again highlights the challenges facing the industry in assessing cyber risk and the efficacy of security controls, and indicates that insurers aren’t totally confident in their existing underwriting processes,” the report noted.
Among U.S. respondents in the cyber insurance industry, 95 percent believe it’s important for the industry to develop a consistent approach to analyzing a customer’s cyber risk using accurate security metrics and measures. Similarly, 89 percent of insurers believe it would be valuable to have direct access to customer metrics and measures proving the status of their security controls.
In a previous Panaseer survey of 1,200 security leaders, the company found that all respondents would be willing to demonstrate the strength of their cyber program to cyber insurers with data-driven metrics if it meant they could reduce their cyber insurance premium.
“If the industry can seize this opportunity for a data-driven approach to security and risk assessment, it can overcome many of the challenges it faces today and enable organizations to get the cover they need,” the report said.