Written by: Griffiths & Armour on: 26 Apr 2022
Why has the demand for Cyber Insurance increased?
Demand for cyber insurance is growing. High profile cyber-attacks against recognisable brands and organisations have made the headlines in recent years. It’s perhaps not surprising that larger businesses are now seeking even higher limits and broader coverage, however there is now a significant growth in numbers of smaller businesses and SMEs seeking insurance solutions and acquiring cyber cover in 2022.
What are the key drivers of this increased demand for Cyber Insurance cover?
George Gardner, Cyber Insurance specialist at Griffiths & Armour on the key drivers for businesses seeking Cyber insurance,
“a major driver of enquiries for cyber coverage has occurred primarily because of a realisation of the potentially dire strategic, reputational and financial implications following a cyber-attack event on their systems. This has been influenced in no small part by several headline grabbing cyber-attacks and the impact they have had on organisations that you might have assumed would have watertight system protections in place. Geopolitical tensions, well documented cyber warfare and the current war in Ukraine has also led to a realisation in many boardrooms that there needed to be a shift in their expectations from ‘if’ to ‘when’ the business will suffer from a cyber-attack”.
What other factors are impacting on why some businesses are purchasing cyber insurance cover and building more robust cyber risk management strategies?
1. The ransomware threat continues to evolve
In reaction to the COVID-19 pandemic, businesses saw a large-scale movement to remote working and adoption of hybrid working models. The movement of employees and equipment offsite clearly introduces new access points for vulnerability, increasing exposure across the IT ecosystem to cyber criminals who can exploit these vulnerabilities through activities known as social engineering including phishing emails. Ransomware is currently one of the fastest growing global cyber security threats, rising by 93% in the first half of 2021 according to recent insurer reports.
Cyber criminals are becoming increasingly sophisticated and dynamic in their methods leading to actual loss experiences increasing dramatically. According to data collated by cyber security organisations across 2021, global ransomware attacks are estimated to cost businesses around $20bn – a total predicted to reach $265bn by 2031!
2. An ever-changing geopolitical landscape
Following the invasion of Ukraine by Russia and the subsequent actions taken by predominantly western countries, Russia could look towards the possibility of using cyber-attacks on businesses based in those countries supporting Ukraine. The risk of a catastrophic cyber event is certainly growing but there is already history of these attacks. The NotPetya cyber-attack emerged in 2017. The destructive malware strain, blamed on alleged state-backed Russian hackers, soon spread causing damage worth billions of dollars to companies including pharmaceutical giants Merck & Co and the law firm DLA Piper.
Whilst insurance policies usually have exclusions for ’Force Majeure’ events, the legal precedent remains unclear for Cyber insurance. This as yet untested area of uncertainty, highlights the importance of a robust framework to manage cyber risks.
3. Getting your Cyber Coverage right
Cyber insurance is a key pillar in effective risk management and must be seen as a major contributor to operational resilience. Therefore, each company’s cyber risk controls and capabilities must be organised to help them withstand, absorb, and recover from cyber incidents. Combining internal processes with insurance is an effective and efficient part of a larger resilience plan.
Cyber insurance is designed to protect your business against financial loss resulting from a range of cyber events, including data breaches and system interruptions. As businesses increasingly use technology to operate the digital assets they hold – including confidential and sensitive data – they are becoming more valuable for cyber criminals to exploit. The cyber landscape is continuously evolving; businesses that do not stay informed around this space could be caught off guard.
4. Cyber Insurance Market
Despite the rapid progression of digital services, cyber exposures and how they are covered within insurance products remains complex. The insurance market has imposed requirements for underwriters to introduce policy language which clarifies the treatment of cyber risks, noting whether cyber risks are specifically covered or excluded in specific circumstances and this is requiring businesses to reassess their current exposures.
The principles behind how easy it is to obtain cyber cover is no different to any class of insurance because the appetite of the market is driven by the number of claims paid. Today, insurers are increasingly highlighting the rise in claims loss frequency and severity – particularly related to ransomware – which are drawing concerns and resulting in insurers instinctively becoming more cautious and in turn, creating a ‘hard market’ i.e. reduced supply when demand is increasing. The increase in cyber incidences highlighted in the media is also creating a new demand from insurers for detailed response and recovery plans for businesses within their proposal forms.
Despite the challenges, the insurance market currently continues to offer an effective and wide spectrum of insurance coverage options. At Griffiths & Armour, we help clients to understand the nuances of cyber insurance using our experience and technical knowledge of cyber insurance gained over many years. We are ready to discuss any questions you have, please get in touch with your usual point of contact at Griffiths & Armour or submit your enquiry below and a member of the team will contact you shortly.