Cyber Insurance is not a new insurance coverage, but until recent years, it was considered an additional coverage selection rather than a necessary one. In the years leading up to 2023, cyber threats have skyrocketed, leaving every business and individual at risk for a breach. Today, cyber hacks account for some of the most expensive claims, some costing billions of dollars. Cyber insurance has become a standard measure of proper business risk management, and in 2023 will be even further regarded as mandatory. As cyber risk continues to grow and change, the insurance industry will follow suit to provide adequate protection. Below are themes and trends in the cyber insurance industry to look out for in 2023.
Standard cyber security underwriting used to involve analyzing external threats to security, such as access to critical data centers, user accounts, core business operations, and other external actors of a business. More recently, underwriters and cybersecurity experts are understanding the greater need to address security from the inside of the business as well. Businesses today are so closely linked to third-party services and control systems, that the threat of an internal breach is equally or more important to mitigate. Underwriters are taking the “inside-out” approach by scanning and analyzing internal processes, as well as third-party access and data control, to understand how an attacker may actually think and approach an attack. By gathering data and insights using this technique, underwriters can endorse new coverage for gaps they may not have otherwise found. This helps to build a more robust and thorough insurance program for each business, dependent on their individual needs and risks.
Private businesses aren’t the only institutions that face the threat of a cyber-attack. Government, educational institutions, and public entities are expected to see higher amounts of cyber attacks, that could have devastating losses without proper risk mitigation and protection. 24 states have introduced 41 new bills in 2022 that require government and government-tied institutions to have improved cyber security training and risk protection. There are hundreds of other bills in consideration across the nation that would require certain institutions to have a high level of cyber security insurance, which would also require standard measures of protection in order to secure. The increase in security measures comes after 2022 saw disruption to unemployment benefits, schools, intuitions, and financial corporations as a result of cyber breaches.
Most private businesses today are linked to larger data-holding companies that increase the threat of risk. In 2023, there is likely to be a revamp of current standards and regulations that require any business that handles sensitive data to follow stricter guidelines, provide increased training, be subject to security audits, and carry a certain level of coverage.
Ransomware is a type of cyber breach where intentional malware prevents or limits users from accessing their system, either by locking the system's screen or encrypting a device so no files can be accessed until a ransom is paid. Cyber insurance policies do have ransomware coverage included, up to the policy limit, or added as an endorsement. Though this past year ransomware attacks actually decreased, the severity of the attacks that did occur dramatically increased.
Additionally, “ransomware as a service” is on the rise, which provides pre-programmed ransom software available for sale to cyber criminals. These circulating services suggest that more sophisticated cyber criminal organizations are emerging, with easy-to-access plans of attack. Ransomware as a service as well as the higher loss breaches that are currently trending gives us two insights for 2023. The first is that businesses should enlist extra security measures against ransomware as it may be the biggest cyber threat over the next year. Secondly, ransomware coverage prices will likely increase to correspond with the spike in total loss per claim calculations.
The importance of data in every aspect of a business model has grown significantly over the past decade. Today, we use data to further our understanding of a business's operations, growth potential, and weaknesses. Similarly, data analytics in 2023 will be more heavily integrated into cyber security and cyber risk prevention models. New technology introduced into the insurance industry can leverage proprietary data and AI to asses a true understanding of current cyber threats while predicting potential threats based on worldwide trends and statistics. In 2023, you should expect all cyber-related measures to be based on specific numbers and data, rather than estimates. Overall, the integration of data will provide much stronger insurance solutions and preventative measures for businesses.
The insurance needs and solutions of a business are constantly changing. Our agents and consultants can help you find or improve your insurance program to meet your current needs, and find solutions for your potential risks. Contact us for more information on our cyber solutions, or for a free consultation on your insurance program.