The sophistication, frequency and severity of cyber losses are growing. As the economy has increased it’s dependency upon technology, exposure to Cyber losses has surged. Insurers have been left with no choice but to review their individual exposures to both local and widespread losses. As we move through 2022 and into 2023, we are seeing the insurance landscape shift. Several insurers have reviewed the breadth of coverage afforded for losses – with a specific caution towards limiting their financial exposure towards systematic cyber events.
Cyber risks are evolving at an elevated level. As hybrid working has become the new normal, and an over reliance on an ever integrated global supply chain, the attack surface for criminal activity has expanded. These foundational changes to the way we work has further increased organisational exposure to growing systemic risks. Threat actors are using these expanded threat surfaces, and new tactics, to expand their scope to cause harm.
Ransomware events continue to grow significantly and remain a worry for both clients and insurers alike. A recent insurer report found that ransomware events have increased dramatically in recent months, up 323% from Q1 2019. Underwriters continue to focus upon the controls within the organisation as a key driver behind loss expectations and resultant policy limits and premium.
Underwriters have been continuing their ever-granular approach to writing risk. Topics such as Multifactor Authentication, Business Continuity Planning, Employee Training, and Security Patch Management remain highly relevant for clients looking to purchase or renew policies. Advanced Endpoint Detection and Response (EDR) is now becoming a key control underwriters expect to be in place for renewals.