Despite rising cyber insurance premium costs and changing coverage areas, companies are still researching and renewing their policies, experts tell Axios.
The big picture: Cyber insurance provides financial assistance following a cyberattack to help cover ransom payments or the costs of rebuilding data storage systems. But as the attacks increased, the high prices increased.
- Additionally, to compensate for growing financial losses, some vendors have changed the attacks they cover.
- Between 2019 and 2021, total cyber insurance premiums in the United States more than doubled, from $1.6 billion to $3.2 billion, per a Fitch Ratings report.
Brokers tell Axios they haven’t seen companies’ appetite for cyber insurance diminish, despite changing requirements and coverage.
- According to Marc Schein, risk management consultant at Marsh McLennan Agency, in April, 63% of clients at insurance broker Marsh USA said they plan to keep their cyber insurance policies despite rising costs.
- The policies still help companies deal with two of the most prevalent types of criminal cyberattacks: ransomware and corporate email compromises, which include phishing emails and outright takeovers of senior executives’ inboxes. , Schein said.
At a time, experts say that on high premium days increase are over – fending off fears that companies will abandon insurance before premium costs get out of reach.
- Cyberinsurers have struck a “balance” in their pricing and underwriting strategies, says Mario Vitale, president of cyberinsurance firm Resilience.
- Suppliers averaged a 65% loss rate last year, down from 72% the previous year, according to Fitch Ratings.
To reduce losses, Insurers have turned to a few strategies: requiring stricter cyber hygiene practices from potential buyers and changing the cyberattacks covered by these policies.
- Lloyd’s of London, the largest insurance marketplace in the world, recommended in a bulletin last month that its insurer groups exclude all state-sponsored cyberattacks from coverage in their policies.
- Chris Hallenbeck, CISO of cybersecurity firm Tanium, says Axios cyberinsurers ask his company more specific questions about the personal data it collects and its overall cybersecurity practices before approving a policy renewal.
Yes, but: Some companies still seem to be rethinking their cyber insurance needs.
- Hallenbeck warns that rising cyber insurance rates could be “a major driver” for companies dropping coverage.
- JPMorgan Chase has reduced the amount of cyber insurance it buys, Information reported last month.
Sign up for the Axios Codebook cybersecurity newsletter here.