Cyber Insurance: global trends, insurance capacity and pricing
10-October-2022Global Insurance Law Connect (GILC) this week launched its inaugural Cyber Insurance report. The report captures the challenges associated with the cyber security market and analyses the different ways that regulators and insurers in different regions have been and are intending to approach this very real and constantly evolving threat. The report finds that the range of security vulnerabilities that cyber attackers are exploiting continues to amplify, as does the level of threat across all geographies and industries. While the increased demand has led to growth of capacity in the market, the severity of attacks means that insurers are becoming warier about risks they are willing to insure.
Across the globe, there has been a record level rise in catastrophic losses during the last three to four years. While the majority of incidents for cyber-attacks are through ransomware, there has been an uptick in the number of state-sponsored cyber-attacks not witnessed before. The level of possible impact on businesses from cyber criminals has become increasingly clear; these include not only threats to infrastructure but also to the integrity, availability and confidentiality of the information we digitally capture, analyse and exchange.
Jehan Mata, Partner and Cyber Insurance Leader, Commercial Insurance, said, “As networks grow and organisations become more reliant on IT systems, it will become increasingly difficult to protect and defend individuals and organisations from cyber risks. Cyber criminals will continue to capitalise on people’s fatigue and lack of focus. The cyber risks associated with the metaverse (which is unregulated) are yet to be addressed and privacy issues associated with a virtual world are likely to have a substantial impact on the cyber landscape.”
For many buyers worldwide, the experience of buying cyber insurance cover for their business is challenging. Cyber insurance has become more expensive and can provide limited coverage, particularly outside Europe and North America.
Jehan Mata commented, “The Australian cyber insurance market is relatively immature, with 16 insurers offering cyber insurance in Australia. We have observed more policies are being underwritten, particularly in London, with the appetite of Australian insurers decreasing due to the significant losses stemming from increasing cyber-attacks and ransomware payouts. Many Australian providers have either reduced cyber coverage limits, substantially increased premiums or have removed themselves from the market entirely. As a result, the majority of Australian businesses are underinsured or without cover, with only 20% of small businesses currently having adequate cyber insurance coverage.”
In the short term, insurers are likely to include more caveats in policies regarding silent cyber and supply chain attacks and will also adopt more sophisticated pricing techniques. Insurers will have an increased focus on educating policyholders and providing resources to help them understand and manage cyber risk.
Jehan Mata continued, “Although individuals and organisations will have greater knowledge about cyber risks, cybersecurity and the relevant steps to mitigate those risks, this is likely to be outpaced by the increasing sophistication of cyber-attacks.”
Giorgio Grasso, Leader of GILC’s Special Interest Group and Partner at BTG Legal, commented, “The world will only continue to digitise, and so cyber insurance will only become more prevalent and more important. As we conclude in the report, it has the potential to become as ubiquitous as public liability or professional indemnity insurance. That’s why it is so important for our clients that we as a network do all we can to share knowledge with each other and build a holistic, global view of this vital market.”
The Cyber Insurance report received input from Australia, Belgium, Brazil, China, Denmark, Finland, France, Germany, India, Italy, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Spain, Switzerland, Taiwan, the UK and the United States. Sparke Helmore is a member of GILC and the sole Australian representative firm. Click here to access the full report.
Sparke Helmore’s October 2022 Cyber Update is now also available and includes articles on supply chain (third party) attacks, how cyber incidents can affect critical infrastructure, and how cyber criminals capitalise on natural disasters, warfare and changing political and economic landscapes.