Insurance policies

Companies continue to buy cyber insurance policies

Despite rising cyber insurance premium costs and changing coverage areas, companies are still researching and renewing their policies, experts tell Axios.

The big picture: Cyber ​​insurance provides financial assistance following a cyberattack to help cover ransom payments or the costs of rebuilding data storage systems. But as the attacks increased, the high prices increased.

  • Additionally, to compensate for growing financial losses, some vendors have changed the attacks they cover.
  • Between 2019 and 2021, total cyber insurance premiums in the United States more than doubled, from $1.6 billion to $3.2 billion, per a Fitch Ratings report.

Brokers tell Axios they haven’t seen companies’ appetite for cyber insurance diminish, despite changing requirements and coverage.

  • According to Marc Schein, risk management consultant at Marsh McLennan Agency, in April, 63% of clients at insurance broker Marsh USA said they plan to keep their cyber insurance policies despite rising costs.
  • The policies still help companies deal with two of the most prevalent types of criminal cyberattacks: ransomware and corporate email compromises, which include phishing emails and outright takeovers of senior executives’ inboxes. , Schein said.

At a time, experts say that on high premium days increase are over – fending off fears that companies will abandon insurance before premium costs get out of reach.

  • Cyberinsurers have struck a “balance” in their pricing and underwriting strategies, says Mario Vitale, president of cyberinsurance firm Resilience.
  • Suppliers averaged a 65% loss rate last year, down from 72% the previous year, according to Fitch Ratings.

To reduce losses, Insurers have turned to a few strategies: requiring stricter cyber hygiene practices from potential buyers and changing the cyberattacks covered by these policies.

  • Lloyd’s of London, the largest insurance marketplace in the world, recommended in a bulletin last month that its insurer groups exclude all state-sponsored cyberattacks from coverage in their policies.
  • Chris Hallenbeck, CISO of cybersecurity firm Tanium, says Axios cyberinsurers ask his company more specific questions about the personal data it collects and its overall cybersecurity practices before approving a policy renewal.

Yes, but: Some companies still seem to be rethinking their cyber insurance needs.

  • Hallenbeck warns that rising cyber insurance rates could be “a major driver” for companies dropping coverage.
  • JPMorgan Chase has reduced the amount of cyber insurance it buys, Information reported last month.

Sign up for the Axios Codebook cybersecurity newsletter here.