Higher Cyber Insurance Loss Rates Mean Big Changes for Businesses

Higher Cyber Insurance Loss Rates Mean Big Changes for Businesses

Blog | Event

Higher Cyber Insurance Loss Rates Mean Big Changes for Businesses

On July 12th, The Arizona Tech Council convened a panel of experts for a forthright discussion about cyber insurance. The panel, moderated by PacketWatch’s CEO, Chuck Matthews, included industry experts Anthony Dagostino, CEO & Founder of Converge Insurance; Chris Branch, Chairman of ATS Underwriting; Wes Gates, CIO of the Arizona School Risk Retention Trust (the Trust), and Tracy Foss, Senior Program Director, Risk Program Administrators, a division of Arthur J. Gallagher. The specialist panel explored current market dynamics, discussed changes in underwriting practices, and shared experiences with the claims process. The goal of the discussion was to help member businesses understand how to effectively use cyber insurance in their arsenal of risk management tools and avoid common pitfalls.

Recent estimates show that the $4.8 billion cyber insurance market is growing at a rapid 25% compound annual growth rate (CAGR) and is expected to triple in the coming years. However, as a result of poor underwriting, direct loss ratios have ballooned to unsustainable numbers. Over the past two years, nearly 70¢ of every dollar in premium went to cover losses from claims involving ransomware, funds transfer loss, and business email compromise-related claims.

The resultant impact on businesses as insurers seek to stem losses is huge and wide-reaching. Smaller businesses are reportedly being priced out of the market entirely. For others, cyber insurance premiums are skyrocketing with an average 97% increase in 2021. Some companies experienced up to 300% increases. Businesses lacking key cyber controls were not even renewed. Panel members said they expect that trend to continue. In the first quarter of 2022 premiums for the top 25% of businesses increased an average 83.3%. Companies experienced other impacts from loss mitigation methods employed by the insurers including:

Key Takeaways

  • Read the Policy! Make sure you understand what you are getting and the requirements you are obligated to follow.
  • Make sure you know the Insurer’s Panel Providers which you are required to use in the event of a claim!
  • Expect more changes to coverages, policy language, premium increases, and underwriting practices.
  • Consider preventing losses with additional controls or self-insuring some 1st party risks to reduce premiums.
Cyber Insurance Lost Rates Mean Big Changes
  • Reduced Policy Limits – Policy amounts were reduced by a third or half as industry capacity dropped
  • Increased Deductibles or Retentions – for one small business going from $25k to $150k
  • Coverage limitations – including new coinsurance provisions for ransomware; new exclusions of certain types of losses, and new sublimits for others
  • Greater underwriting scrutiny – multiple applications and technical addenda focused on the existence of key vulnerabilities
  • Tougher claims management practices – strict use of panel providers, denial of claims based on application deficiencies.

Shared Experiences

The panel explored and shared experiences on several other topics impacting the use of cyber insurance including:

  1. The applicability of “Act of War” and “Terrorism” policy exclusions in light of nation-state and state-sponsored malware campaigns given recent “special military actions’ with Russia and Ukraine
  2. Conflicts in legal representation and the insured’s loss of control when panel legal counsel and responders are involved
  3. The vicious cycle of ransom payments by insurers creating the need for more cyber insurance to cover ever larger ransoms to criminal organizations
  4. The impact of non-standardized policy language and definitions hindering coverage comparisons for those actively shopping policies
  5. The risk of paying ransoms to potentially (OFAC) sanctioned entities/affiliates given warnings from the US Treasury and others
  6. Small businesses are being priced out of the market or excluded because they lack some protective controls of larger organizations
  7. Recent litigation surrounding voiding policies due to inaccurate application materials submitted by the insured
  8. The practical impact of insurers underwriting at the time of claim rather than at the time of application and the resultant uncertainty created
  9. The difficulty in managing overlap between conflicting or duplicate provisions in other insurance policies (e.g., crime coverage in a package policy vs. stand-alone cyber policies)
  10. Obligations to use Insurance Panel Counsel and Responders with Reservation of Rights and very large deductibles
  11. Whether policies offering bundled pre-breach, response, and post-breach services were beneficial to the insured vs. managing the effort internally
  12. The necessity to quantify potential 1st- and 3rd-party liability before selecting a policy and limits
  13. The need for a government backstop for systemic risk and terrorist activity to promote additional capital necessary for market growth

Final Thoughts

The panel concluded that ultimately businesses must carefully read every word of the policy being offered, shop around to the myriad of insurers, obtain expert help where needed and judiciously consider what they are purchasing. Five years ago, cyber insurance was relatively inexpensive, and its promises seemed relatively clear and simple. The panel concluded that is no longer the case and businesses can expect more change in the cyber insurance marketplace in the coming years.

If you are considering cyber insurance and would like to discuss the alternatives for your organization, give us a call.

Tags:

The Truth About Cyber Insurance

The Truth About Cyber Insurance

Blog | Event

The Truth About Cyber Insurance

Join Chuck Matthews as he moderates the Arizona Technology Council July Virtual Tech Speaker Series event “The Truth About Cyber Security“. Chuck will be joined by industry experts to discuss the issues businesses should consider when approaching the proper use of cyber insurance. They will discuss the regulatory reforms that would make cyber insurance a better tool for risk transfer. Participants will gain better situational awareness regarding cyber insurance practices during this open discussion.

Panel Members:

  • Anthony Dagostino, CEO & Founder, Converge Insurance
  • Chris Branch, Chairman, ATS Underwriting
  • Wes Gates, CIO, Arizona School Risk Retention Trust
  • Tracy Foss, Senior Program Director, Risk Program Administrators

Who Should Attend:

  • Business Owners
  • Executive Management
  • Risk Managers
  • Legal Counsel
  • CIO
  • CISO

Live Broadcast:
Tuesday July 12, 2022
3:30PM – 5:00PM PT

Register:
https://www.aztechcouncil.org/event/july_tech_speaker_series/

“Cyber insurance take-up rates are increasing but Insurers’ losses are reaching unsustainable levels. Loss mitigations being implemented by Insurers to stem those losses, combined with non-standard policy terms, are leaving many to question the proper role of cyber insurance policies. ”

Arizona Technology Council Logo
The Truth about Cyber Insurance | AZ Tech Council
Key Takeaways:
  • Why are cyber insurance premiums rising so rapidly and coverage decreasing at the same time?
  • What happens if I file a claim? What are the “gotcha’s”?
  • How can I more effectively use my cyber insurance?
  • What regulatory and industry changes are being discussed and how will they impact me?
About The Arizona Technology Council The Arizona Technology Council is Arizona’s premier trade association for science and technology companies. Recognized as having a diverse professional business community, Council members work towards furthering the advancement of technology in Arizona through leadership, education, legislation and social action. The Council offers numerous events, educational forums and business conferences that bring together leaders, visionaries and community members to make an impact on the technology industry. These interactions contribute to the Council’s culture of growing member businesses and transforming technology in Arizona. To become a member or to learn more about the Arizona Technology Council, please visit www.aztechcouncil.org.
Tags: