2023 U.S. Cyber Market Outlook
Get the latest insights on the current and future state of the Cyber insurance market in the U.S.
Despite being around for more than a quarter of a century, Cyber insurance remains a relatively young market in insurance terms. As such, it continues in a seemingly perpetual state of evolution, which is why keeping up to date with the latest developments is essential.
So what are the five biggest trends on the horizon for the Cyber market?
Advanced integration of behind-the-firewall technologies will enable underwriters to craft Cyber insurance programs and pricing that are more commensurate with the risk. Moving beyond paper applications with applicants' permission to view inside their network can potentially yield better results for all parties.
Take-up rates for these offerings will be interesting to watch, as insureds must decide if having additional eyes on their data warrants cost savings and additional risk management value.
While ransomware losses have decreased in frequency, they've increased in severity and are more often accompanied by threats of data exfiltration.
As the situation in Russia and Ukraine continues to develop, will the frequency of attacks stateside correlate with the geopolitical ebbs and flows? The most recent loss data suggests a possible upward trajectory for attack frequency.
Particularly in the small and medium-sized enterprises (SME) sector, inconsistency has become the consistent trend among insurers. Some markets are lowering rates and easing underwriting requirements, while others continue a more disciplined approach.
While these tactics are vastly different, one thing is certain: the Cyber insurance market is extremely dynamic and offers great promise to those taking a deliberate, measured approach.
New entrants that are pricing for fast market share, lowing barriers to entry and diving in with confidence that the ransomware epidemic is behind us could find themselves in a fast retreat.
And why not? Put yourself in the mindset of the bad actors: as long as a simple email request can convince someone to wire you $100K without questions, isn't that easier than stealing data and trying to monetize it?
Insurers are tiring of the death-by-a-thousand-cuts losses they're paying for social engineering and wire fraud claims. Conditions precedents will increasingly find their way into policy language.
The message: "If you're not making all best attempts to validate the authenticity of payment instructions, we're not paying your claim."
Data breaches, ransomware, social engineering, distributed denial-of-service (DDoS) attacks and deep fake technologies are well-known cybercrime tactics. It's the currently attack vectors that are that are perhaps most worrisome.
Unique to Cyber coverage is that the goalposts are always moving. We anticipate innovative threats to critical infrastructure, financial platforms, operational technologies and cloud-hosted environments. The question remains whether the significant advances in information security that many insureds made in the past two years will protect them from yet-to-be-discovered threats.