Executive Summary

Cyber Insurance Premiums Increase As The Market Hardens

Cybersecurity was thrust into the spotlight in 2020 as the COVID-19 pandemic forced businesses to digitize their processes and adopt remote working practices overnight. The pandemic also presented an opportunity for cybercriminals to exploit global panic, with a surge in cyberattacks occurring in 2020. This has made the need for cyber insurance apparent to businesses, but the market is not as easy to navigate as it once was.

Until 2019, the cyber insurance market was characterized by flat premiums, insurers introducing higher coverage limits, and abundant capacity. However, as cyberattack frequency and severity ballooned, especially in the area of ransomware, there was a shift in the market. Insurers reduced coverage limits and capacity, resulting in strong premium increases for customers.

And while the need for cyber insurance is still apparent, that observation did not necessarily translate into increased uptake, as companies managed the economic fallout from the COVID-19 pandemic.

This has caused insurers to re-evaluate the risks they are willing to take on, with some of them looking to avoid high-risk industries. The exponential increase in the cost of ransomware attacks has not gone unnoticed, with AXA, a leading cyber insurer, no longer writing new policies that cover ransomware events. Indeed, it may come to pass that more insurers follow suit as they try to manage claims costs without the need to raise premiums to prohibitive levels.

Leaders AXA: AXA took the first step towards reversing increasing costs of ransomware attacks by no longer reimbursing customers in France who send extortion payments. By doing so, the insurer can not only dampen premium increases for its customers, but it also paves the way in the effort to break the cycle of ransomware attacks by removing the incentive for hackers at the source.

While AXA's move will not immediately break this cycle, other insurers will likely follow suit as ransom payments become unsustainable.

Cyber risk management experts: While no company can be 100% secure against all cyberattacks, those that proactively manage their risk and identify weaknesses will be much less likely to suffer a breach.

Cyber insurers that work with leaders in cyber risk management services will have more secure clients and, therefore, will be less likely to incur large claims than others.

Laggards

Cyber-negligent businesses: Businesses that do not adopt robust cybersecurity measures will not fare well in the increasingly digital world. This is especially true as more regulation comes into play, which can result in heavy fines in addition to the cost of cyber breaches.