Global cyber insurance rates have risen 32% in the year to June 2021 and seen the largest increase of all insurance lines, according to a new report on cyber risk and insurance by broker Howden. But even paying a higher price will not guarantee cover, Howden says, with cyber insurers seeking assurances on cyber resilience and risk management before deploying capacity.
“Claims are up, capacity is down and underwriting profitability is, at best, under pressure. The impact on insurance buyers is stark,” commented Shay Simkin, global head of cyber at the broker.
The report says “spiralling” loss costs and the spread of ransomware as a “digital pandemic” have combined to drive higher rate.
Global ransomware attacks ratcheted up by 170% last year, according to Howden, which also found the average ransom paid by US companies rose 400% in the first quarter of 2021. Howden says ransomware is the dominant cyber threat facing today’s businesses and is driving an increase in cyber insurance rates.
The average cost of ransomware remediation worldwide increased to $1.85m in Q1 2021 from $700,000 last year, with the costs running even higher in the US at more than $2m, Howden says.
Double-extortion tactics popular with today’s cyberattackers are behind the “soaring” increase in the number and severity of attacks, Howden notes. At the same time, Mr Simkin said Covid-19 and the impact on technology adoption “has added a big dose of complexity into an already complicated risk landscape”.
“Whilst companies are investing heavily in data and cloud security to accommodate the permanent changes brought about by lockdown, such as remote working and accelerated digitalisation, bad actors are often one step ahead and will continue to target weaknesses in order to cause disruption, steal data and make money,” Howden states.
It adds that “superior mitigation and response measures” can help minimise reputational risks from cyberattacks and protect shareholder value.
Mr Simkin said buyers need tailored analytical solutions alongside expert intermediation to help secure cyber loss protection. “Unprepared companies typically suffer disproportionate impacts that can lead to regulatory activity or litigation,” Howden adds.
“Preparedness is a crucial component of companies’ cyber resilience. It involves building and testing a robust plan for the eventuality of an attack, requiring close collaboration across organisations, including board-level stakeholders and key IT and security leaders,” it says.