Marsh McLennan Agency, Mosaic Insurance headline cyber insurance event
Written by Stephen Lawton
Qualifying for a cyber insurance policy today can be a challenging and tedious process. Gone are the days when a simple phone call to an insurance agent and selecting coverage limits lead to obtaining a policy. Today, due to the sharp increase in ransomware attacks and multimillion dollar payouts, along with stricter cybersecurity controls required by underwriters, obtaining cyber insurance is now an essential objective and corporate imperative for organizations, but not a certainty.
Attendees at the recent Sophos virtual cyber insurance event heard from cyber insurance experts on what they need to do to qualify for consideration, as well as tips on how to obtain the best coverage and terms at the most attractive price.
Our experts included Marc Schein, national co-chair of the Cyber Center of Excellence at the world’s largest insurance broker, Marsh McLennan Agency (MMA); James Tuplin, head of international at next-gen speciality insurer Mosaic Insurance; Natalie Graham, head of claims at Mosaic Insurance; Daniel Kasper, cyber risk researcher and economist at Cyber Economics; and Nicholas Cramer, senior director of global cyber risk partnerships at Sophos.
Watch the event on-demand to see the sessions in full.
The economics of cyber insurance
Laying the baseline for emerging trends in the cyber insurance market, Schein said the cost of insured cyber attacks grew by 22% in 2020 and 77% in 2021, but rates for cyber insurance grew much faster. In September 2021, the average rate increase was 128% while the capacity offered — the limits insurance companies were willing to offer — dropped by 23%. The combination of higher rates and reduced coverage effectively is driving up the cost of insurance significantly, he said.
Economist Kasper agrees. The honeymoon that organizations had obtaining cyber insurance at a relatively low price for hefty amounts of coverage are likely gone forever. Now that insurers have had a chance to better judge the market dynamics, as well as judging the relative levels of cyber security controls in place by many of the organizations seeking insurance, the stark realities are coming into focus, and it is not good news for those who are shopping for policies.
“In 2013, we had about a billion dollars in global insurance premiums in cyber,” Kasper said. The next six years the market grew by roughly 30% annually, but at the end of 2019 COVID-19 hit and ransomware skyrocketed.”
Looking at 2018 before ransomware attacks became so prevalent, he said, a cyber insurance carrier would have significantly underpriced the premium cost for a cyber insurance policy for 2019 because the carriers did not have the threat vector for the new ransomware attacks in the pricing model. The market is now addressing those losses in pricing changes.