Despite being around for more than a quarter of a century, Cyber insurance remains a relatively young market in insurance terms. As such, it continues in a seemingly perpetual state of evolution, which is why keeping up to date with the latest developments is essential.
So what are the five biggest trends on the horizon for the Cyber market?
1. Inside-Out Underwriting
Advanced integration of behind-the-firewall technologies will enable underwriters to craft Cyber insurance programs and pricing that are more commensurate with the risk. Moving beyond paper applications with applicants' permission to view inside their network can potentially yield better results for all parties.
Take-up rates for these offerings will be interesting to watch, as insureds must decide if having additional eyes on their data warrants cost savings and additional risk management value.
2. Ransomware Could Rise Again
While ransomware losses have decreased in frequency, they've increased in severity and are more often accompanied by threats of data exfiltration.
As the situation in Russia and Ukraine continues to develop, will the frequency of attacks stateside correlate with the geopolitical ebbs and flows? The most recent loss data suggests a possible upward trajectory for attack frequency.
3. Insurers Diverge on Underwriting
Particularly in the small and medium-sized enterprises (SME) sector, inconsistency has become the consistent trend among insurers. Some markets are lowering rates and easing underwriting requirements, while others continue a more disciplined approach.
While these tactics are vastly different, one thing is certain: the Cyber insurance market is extremely dynamic and offers great promise to those taking a deliberate, measured approach.
New entrants that are pricing for fast market share, lowing barriers to entry and diving in with confidence that the ransomware epidemic is behind us could find themselves in a fast retreat.
4. Social Engineering and Financial Fraud Continue to Rise
And why not? Put yourself in the mindset of the bad actors: as long as a simple email request can convince someone to wire you $100K without questions, isn't that easier than stealing data and trying to monetize it?
Insurers are tiring of the death-by-a-thousand-cuts losses they're paying for social engineering and wire fraud claims. Conditions precedents will increasingly find their way into policy language.
The message: "If you're not making all best attempts to validate the authenticity of payment instructions, we're not paying your claim."
5. The Future of Cyber Risk Is Unknown — and That's a Worry
Data breaches, ransomware, social engineering, distributed denial-of-service (DDoS) attacks and deep fake technologies are well-known cybercrime tactics. It's the currently attack vectors that are that are perhaps most worrisome.
Unique to Cyber coverage is that the goalposts are always moving. We anticipate innovative threats to critical infrastructure, financial platforms, operational technologies and cloud-hosted environments. The question remains whether the significant advances in information security that many insureds made in the past two years will protect them from yet-to-be-discovered threats.
Learn more about what's next for the Cyber industry in the RPS 2023 U.S. Cyber Market Outlook.
DOWNLOAD REPORT
