As the cyber market matures, it’s increasingly evident that fighting off cyber attacks is going to be an ongoing team effort. Brokers, carriers, cybersecurity organizations and insureds all play a role, from security to training to assessing adequate coverage.

According to the latest Cyber Insurance Outlook report from Arctic Wolf, the risk of cyber attack has become a part of daily operational concern for many organizations. Yet growing awareness of how organizations can protect themselves from attacks and loss still poses a challenge to the insurance industry.

Seventy percent of insurance professionals responding to this most recent survey (77 percent of brokers and 63 percent of carriers) expect the number of new cyber claims to increase, mainly because of steadily growing threat activity.

The Cyber Coverage Gap

One figure the Arctic Wolf report highlights is the discrepancy between cyber coverage figures provided by brokers and those supplied by businesses. While brokers estimate 47 percent of organizations have the coverage they need, 65 percent of responding organizations claim they are covered in the event of a cyber attack.

The report hypothesizes that businesses are unaware of the extent of their coverage or what specifically is needed. This 20 percent gap could represent an opportunity for brokers to reassess clients’ needs and make recommendations for additional protection and mitigation.

Insurers may also initially reject clients for cyber coverage because they have inadequate security controls in place (26 percent), lack financial stability (21 percent) or can’t supply the insurer with enough information (21 percent). While brokers are most likely to reject a client because of financial instability (23 percent), carriers are more likely to ding potential insureds for missing security protocols (32 percent).

Cautious Cyber Claimants

In the past year, 12 percent of clients with cyber insurance made claims, with ransomware accounting for 18 percent of those claims. Other common claims included data breaches, theft of funds and phishing incidents, including business email compromise.

However, clients who make claims may find that their rate increases because of a claim (66 percent) or that they face increased scrutiny during the renewal process (56 percent). Seven percent reported that they were asked to implement additional controls as a condition of renewal, which could include additional training, upgraded security or other measures.

Insureds may also have claims rejected because they fall outside the terms of their policy (25 percent of rejections), their coverage was less than the total claim (19 percent), the incident fell below the client’s self-insured retention (18 percent), the incident failed to disclose risk on the client’s application (17 percent), or the incident was deemed gross negligence.

Fear of higher rates and cancellation drives some insureds to ignore issues that don’t seem to pose a significant financial, security, or “worst case scenario” threat, the report said.

And prices are increasing, with 53 percent of insurers saying they have seen an overall increase in cyber insurance rates in the last 12 months.

Proactive Protections

North America is considered the global leader in the cyber insurance market. Insurance brokers in North America are more likely to offer both cyber risk control tools and services (73 percent) compared to the global market (68 percent). North American brokers are also more likely to have a designated cyber practice (49 percent) than global counterparts (43 percent).

However, only 45 percent of organizations in the North American region have the necessary cyber coverage compared to higher rates in some European countries. Regulatory requirements in places like the UK and Ireland incentivize organizations to mitigate cyber risk, with cyber insurance serving as a part of those strategies.

Globally, cyber insurers are proactive with their clients to mitigate damage and loss, with 71 percent of insurance brokers partnering with cybersecurity providers to better serve clients, while 94 percent offer ongoing assistance or support to clients.

The majority (69 percent) also offer in-house cyber risk control tools and services, with 45 percent charging separately for these services. Another 25 percent of insurers refer clients to certain cyber risk vendors, with about half of those (12 percent) negotiating pre-arranged discounts or terms with the vendors.