Written by: Griffiths & Armour on: 12 Jul 2022

Cyber Risk Management | Griffiths & Armour

The Need for a Proactive Approach to Cyber Risk Management

The sophistication, frequency and severity of cyber losses are growing. As the economy has increased its dependency upon technology, exposure to cyber losses has surged. Insurers have been left with no choice but to review their individual exposures to both local and widespread losses. As we move through 2022 and into 2023, we are seeing the insurance landscape shift. Several insurers have reviewed the breadth of coverage afforded for losses, with a specific caution towards limiting their financial exposure to systemic cyber events.

Cyber risks are evolving at an elevated level. As hybrid working has become the new normal, and with an over-reliance on an ever more integrated global supply chain, the attack surface for criminal activity has expanded. These foundational changes to the way we work have further increased organisational exposure to growing systemic risks. Threat actors are using these expanded threat surfaces, and new tactics, to expand their scope to cause harm.

Ransomware events continue to grow significantly and remain a worry for both clients and insurers alike. A recent insurer report found that ransomware events have increased dramatically in recent months, up 323% from Q1 2019. Underwriters continue to focus upon the controls within the organisation as a key driver behind loss expectations and resultant policy limits and premium.

Underwriters have been continuing their ever-granular approach to writing risk. Topics such as Multifactor Authentication, Business Continuity Planning, Employee Training, and Security Patch Management remain highly relevant for clients looking to purchase or renew policies. Advanced Endpoint Detection and Response (EDR) is now becoming a key control underwriters expect to be in place for renewals.

The Evolving Cyber Insurance Market

The Cyber insurance market has undergone a significant rating correction over the past 12/18 months. We have seen significant premium rating increases with reduction, or removal, of coverages which once made up a core part of a Cyber policy. Underwriters within the market view the recent, and significant, pricing correction to be a rebalance of the market rather than a traditional and cyclical ‘hardening’. This is due to the notion that the Cyber market remains largely immature compared to other traditional insurances and is still finding equilibrium in rating.

The response to the evolving threat landscape is a significant driver in the recent rebalancing. The development of catastrophe cyber event modelling is playing a significant role in underwriting innovation. Due to a lack of catastrophic event data, modelling risk remains a challenge for insurers. We are seeing drastic changes to insurer strategy as they attempt to quantify the potential exposures of their portfolio in order to underwrite insurance on a sustainable basis. Although this is an area of investment for insurers, the lack of maturity at present remains an area of general concern.

Future outlook for the Market

As we progress into Q4 and beyond, we expect a restructuring of underwriting strategy of many insurers. There is an anticipation that the current trajectory of rating inflation will reduce into 2023. However, we are cautious of the shift in focus of underwriters to manage the exposures to systemic and correlated risk perils. ‘Threat Actors’ are switching strategies to compromise, compounded by the current and persistent geopolitical tension, which will clearly impact insurer bottom lines.

From a brokering standpoint, there are critical calls due to the market through the lack of consistency when comparing policy wordings. Paired with insurer fears of widespread exposures, through reliance on common technology providers, we expect underwriting rigor to remain heightened within Cyber policies.

We expect clients will experience changing underwriting strategies as we move into 2023. At Griffiths & Armour, we recognise the critical nature of timing to understand the client exposures and requirements in the placement of a Cyber policy. Early collaboration with the client’s internal team allows the insurance strategy to be sculpted to suit the client’s needs and relative risk tolerances.

If you have any questions about the contents of this article, please get in touch with your usual Griffiths & Armour contact or click below to submit your enquiry to Cyber Insurance Specialist, George Gardner.

George Gardner | Griffiths & Armour