Page 28 - The IT Guidebook
P. 28
CYBERSECURITY
INSURANCE
T imes have certainly changed Ransomware attacks continued to ravage RATE INCREASES: CAPACITY CONSTRICTION:
the bottom lines of both their victims and
with respect to cybersecurity
controls. Regardless of industry insurance carriers. During the first six Cyber premiums increased across the There were clear indicators that carriers
or organizational size, companies should months of 2021, more money was paid board, regardless of the industry sector wanted to limit their exposure through
expect to see a continued disciplined in ransom payments than in all of 2020. or size of the organization. Cyber limiting capacity. The policy limits offered
underwriting approach that remains Increased payment amounts may be due, underwriters are being cautious or even during prior renewals were routinely cut to
laser-focused on data security controls, at least in part, to the fact that hackers moving away from specific industries, half of that amount during the 2021 renewal
with rates continuing their upward trend. now routinely threaten to publicize their including municipalities, higher education, cycle, both at the primary and excess layer
Organizations will need to grapple with victim’s most sensitive data if their six technology, and manufacturing. level.
more restrictive coverage terms, mandatory and seven figure ransom demands are
sublimits, and exclusionary language not met. However, extortion payments COVERAGE LIMITATIONS: GREATER UNDERWRITING SCRUTINY:
specific to certain global and widespread are just one piece of the cyber claim. The
cyber incidents. Capacity questions have average downtime from a ransomware Many carriers imposed sublimits and Almost all carriers asked for more details
not been settled, and exactly how much attack is 23 days, more than doubling the coinsurance provisions specific to around data security control efforts. Not
will be available in the U.S. and global costs due to business interruptions. And ransomware claims. This often resulted surprisingly, many questions focused on
cyber markets in 2022 remains an open when companies had to switch to remote in limiting coverage to 50% of the policy ransomware prevention and mitigation,
question. operations, the costs of a data breach limit or less. Certain carriers had to add with several carriers requiring ransomware
increased.
exclusionary language to specific known supplemental applications consisting
vulnerabilities; failure to remediate these of dozens of questions to see how well
The cyber insurance market took four
deliberate steps to combat increasing loss could lead to a denial of coverage for losses insureds managed the threat.
attributed to them. Others revised coverage
ratios in an effort to protect its bottom line.
terms specific to regulatory claims with Based on the past statistics and future
language that constricted risk transfer for predictions, the cybersecurity insurance
regulatory risk. market is changing.
27 CONTINUED ON NEXT PAGE 28
