Will the Second Wave of Ransomware Shift Cyber Market Pricing?

According to Sophos’ 2024 The State of Ransomware Report, the average ransom payment following a cyber incident has grown by 500% in the last year, costing around $2 million. Recovery strategies have improved, though, and companies are maximizing security efforts, knowing the long-lasting damage of a potential incident. Despite these efforts, is it enough to prevent an influx of claims as cybercriminals become more resourceful and adaptable?

“Cyber liability is one of the fastest growing insurance products in the marketplace, with the global market totaling $15 billion and over 60% of the premium originating from North American businesses,” said Steve Anderson, Director of Cyber Insurance Underwriting at Safety National. “Due to the accelerated growth potential, the market fluctuates on pricing and coverage grants every quarter. Underwriting expertise and collaboration that take these market conditions into consideration can help offset some of the potential impacts of ransomware. Still, demands are changing from cyber criminals, and it remains critical for organizations to prioritize their resiliency to an incident.”

Organizational readiness is vital in supporting the growth of the cyber risk insurance product. However, risks are constantly evolving, particularly with the development of generative artificial intelligence (AI). According to Howden’s 2024 Cyber Insurance Report, generative AI and machine learning could increase aggregation, severity, and frequency of claims.

The cyber market has been in a corrective state, with prices stabilizing, but will this last if a major event occurs and increases claims activity?

Recent data from NCC Group shows cyberattacks increasing 85% in 2022 compared to 2023, and increasing 30% in the first quarter of 2024 compared to the first quarter of 2023. Ransom payments have also increased, with the healthcare sector becoming a primary target. However, a spike in ransomware does not necessarily lead to higher prices. Capacity for the product is currently at an all-time high. New market entrants that aid in this capacity surplus, and ultimately in market competition, include traditional carriers in the North American market, Managing General Agents (MGAs), Lloyd’s syndicates, and other non-traditional markets. With so much additional capacity in the space, pricing can remain competitive, regardless of claims. Even though there has been a spike in ransomware in the last two quarters, there are continuous profitability and growth demands.

Has the ecosystem of brokers, carriers, and vendors been more successful in educating and mitigating the risks they insure?

Brokers, insurance carriers, and insureds are much more informed than ever before and do a much better job of understanding risk transfer in this space. Each party can apply their cybersecurity expertise across each market segment, allowing stakeholder meetings to focus on an organization’s overall exposure and the controls in place to prevent a cyber incident. Today, the underwriter has scanning tools and insight into the insured network structure that allow for a better snapshot of exposure. Carriers are better at assessing the risk, asking the right questions, and transferring that expertise back to the insured and broker.

What risk management services should organizations look for in a cyber policy?

An insured’s carrier typically offers tools like ongoing employee education, incident roadmaps that offer the assistance of a breach response team, and ransomware resources like stress tests and self-assessment surveys. Employee training is paramount in preventing a cyber incident. Social engineering and phishing are becoming much more convincing. Phishing emails remain one of the most common methods of ransomware attacks, but when employees understand how to spot a fake, they can protect an entire organization’s sensitive data.

Other tools and services that carriers provide access to often includes penetration testing, security ratings and threat modeling. Penetration testing can simulate a cyberattack, identifying vulnerabilities in an organization’s cybersecurity. These tests are crucial in filling the gaps and keeping cybercriminals at bay. Security ratings can help benchmark a company’s security performance versus similar companies to understand where they stack up.