Underwriters who thought the growing cyber risk landscape of the past several years would level off soon might want to think again. Woodruff Sawyer’s annual survey of cyber insurance carriers found all underwriters surveyed believe cyber risk will increase in 2024.
The survey, included as part of Woodruff Sawyer’s 2024 Looking Ahead Guide, sought underwriter perspectives on the current risk environment, risk appetite and future pricing expectations from a range of insurance carriers including domestic carriers, Lloyd’s syndicates and startup managing general agencies.
In fact, more than half—56 percent—of underwriters surveyed said they believe cyber risk will increase greatly in 2024. While the survey found 2024 is bringing a shift in concern for underwriters, with privacy violations and data breaches drawing more concern than last year, ransomware remains the most significant threat as 63 percent ranked it their No. 1 threat for 2024.
“Carriers started sounding the alarm as early as the second quarter of 2023, and by the end of the year, the trend was clear—ransom claims had risen to 2021 levels, the highest year of ransom claims on record,” the report said, adding that an increase in attacks relying on data exfiltration was also seen in 2023. “Attackers are exploiting a reality that many companies have discovered: Data is often most valuable to the company from which it is stolen.”
Other concerns noted in the survey include business email compromise and generative artificial intelligence. Indeed, Woodruff Sawyer predicted more companies will incorporate AI technologies into their internal processes or external products in 2024. While AI can introduce efficiencies for carriers, the report warned that carriers should proceed with caution as it can also introduce opportunities for error.
“Similarly, AI-powered cybersecurity tools will be used to protect organizations. Hackers will leverage AI to further their own causes,” the report said. “The battle will continue as it does today—with each side having an upper hand at different times.”
Woodruff Sawyer stated in its report that it doesn’t see AI substantially changing cyber risk, but it does believe the technology could exacerbate the severity of cyber issues when they arise.
“This will increase the importance of making an informed choice using data science and analytics when purchasing cyber insurance,” the report said.
That said, the cyber insurance landscape is changing along with cyber risk, as many carriers are exercising greater scrutiny and premiums have continued to rise. The survey indicated 44 percent of carriers believe underwriting scrutiny will increase slightly during the next 12 months.
“This may be bad news for insurance buyers already frustrated at the amount of information required to complete a cyber insurance application,” the report said. “However, it does prove the trend of higher scrutiny has staying power. With a risk as complex as cyber, higher underwriting scrutiny will become the norm.”
Although the hard market of 2021 and 2022 brought stricter underwriting standards with it, the report found a silver lining as more insureds are investing in the maturity of their cybersecurity standards. This is paying off on the insurance side, according to the report.
“Stronger cybersecurity controls strongly correlate to more carriers willing to offer insurance—creating the needed competition to drive premium savings,” the report said.
On the back of this trend, stability and moderation are likely on the horizon for cyber insurance coverage, according to the survey, with 75 percent of underwriters anticipating coverage to remain unchanged compared to 24 percent the previous year.
A growing percentage of underwriters believe cyber insurance premiums will continue to increase slightly, however, up 22 percentage points from last year. Only 19 percent said they expect premiums to remain unchanged, while none anticipated a decrease, the survey said.
“This suggests a notable industry shift toward higher premiums amid growing cybersecurity concerns,” the report said.
Along with these concerns, risk mitigation is top of mind for carriers, according to the report. Half of those surveyed said they believe companies should be more aware of their cyber risk. The survey showed a decrease in emphasis among carriers on strengthening security, down to 38 percent from 59 percent last year, while improvement of processes and procedures remained a crucial measure for 50 percent of carriers as the market continues to change.
“The cyber insurance market continues to evolve—the industry constantly faces new and serious risks,” the report said. “External factors continue to affect the market, including wars, federal and state regulations, and the rise of artificial intelligence.”