The Cyber insurance landscape has experienced a dramatic shift over the past 18 months following a sharp uptick in the severity of cyber losses sustained by Australasian businesses.
Cyber criminals have become more sophisticated and are taking advantage of the shift to remote working conditions and online workforces accelerated by the Covid-19 outbreak.
These issues have contributed to a significant increase in the financial losses sustained by insurers emanating from cyber loss events, particularly in relation to ransomware attacks. According to Coveware – a leading a ransomware response firm – the average demand for a digital extortion payment was more than $220,000 in the first quarter of 2021, up 43% from the previous quarter.
A leading global broking firm also reported a 100% rise in the number of claim notifications from clients reporting ransomware incidents in 2020 compared to 2019.
The extent of cyber losses experienced in the marketplace has triggered a series or remedial actions from insurers as they look to improve the performance of their portfolio. And while capacity in the market remains in large supply, insurers are reducing their coverage, imposing higher deductibles, and applying notable premium increases ranging from anywhere between 15% to as much as 150% in some extreme cases.
Many insurers are also changing the way they assess risks and are adopting stricter underwriting guidelines when considering both new and existing clients, with a particular focus on the organisations Business Continuity and Incident Response Plans.
Organisations seeking to navigate this hardening environment will need to be able to demonstrate a high-level of cyber risk maturity to insurers. This will require clients to work in collaboration with their insurance broker to devise effective strategies that ensure any investments they have made to bolster their cyber risk management and resilience strategies are communicated to insurers in a clear and effective fashion.
Clients should also carefully examine the make-up of their existing insurance program as insurers apply cyber and technology-related exclusions across various financial and general lines of insurance, particularly in relation to acts of ransomware. This will require the majority of all cyber exposures to be managed using a dedicated cyber insurance policy that should ideally be tailored to address the specific needs of the client.
Blog Submission: Peter Sellwood
PALTD InsureRight – Insurance & Risk Management
Contact us today to speak to our insurance specialists for more information.