As our world grows increasingly technology-driven, taking the business and commerce arenas along with it, the need for a response from the insurance industry increases. With larger amounts of money changing hands online and nearly all personal data and identity information being stored electronically, the threat of hacks, ransomware, and other cyber attacks looms large.
Within the insurance industry, we face an ongoing demand for ever-evolving coverage and strategies to not only provide peace of mind for our clients but also methods to protect ourselves from potential exposure and liability in the event of a catastrophic incident.
With the increased presence of cyber insurance within the insurance world, there is also an increase in the need for attorneys and law firms familiar with — and specializing in — cyber insurance defense. This article aims to highlight the exponential growth in the demand for cyber insurance, the fallout from the growing number of prominent online attacks, and the future of cyber insurance.
The sheer volume of cyber attacks across the spectrum is on the rise. Analysis from the Identity Theft Resource Center shows that the number of publicly reported data breaches through September 2021 had already surpassed the total number of cyber attack events reported in all of Fiscal Year 2020 by 17%.
According to research from Checkpoint Software Technologies, cyber attacks on corporate networks saw a 50% increase from 2020 to 2021. This report goes into even greater detail, showing research firms and educational institutions as the biggest targets, suffering a reported average of 1,605 cyber attacks each week.
In the modern world, any organization — regardless of its industry, size, or location — faces a certain level of cyber risk. In order to be prepared for potential attacks against its assets, a company must mitigate this risk by implementing an effective cyber security plan and utilizing the benefits offered by cyber insurance. Today’s cyber insurance policies often cover, among other things:
These circumstances, often associated with data breaches and other cyber attacks, come along with tremendous costs — both financially and in the trust of a company’s clients. Cyber insurance can provide a valuable shield against these losses, along with the potential legal challenges that may arise from clients or consumers who claim to have been harmed by cyber attacks.
As with any type of insurance coverage, the priority for the insurer is to provide coverage to its clients while also allowing for protection from potentially fraudulent claims.
As cyber insurance providers, there is a balancing act between coverage provided and the potential for challenges due to legal challenges from insureds or underlying exposures. Some of the key issues facing cyber insurance providers include:
Another threat entirely is predicated upon cyber attackers targeting companies specifically because of their cyber insurance coverage. Knowing that a firm is covered may seem enticing to hackers as they look for targets that could lead to big payoffs.
As the possibility of Congress taking action regarding the regulating of cyber insurance looms, our industry has responded by pressing insureds to tighten security and adopt new practices in order to obtain cyber security coverage. As the rise in cyber crime and the need for cyber insurance continues, the willingness of the insurance industry to adapt on the fly must grow as well.
The increase in cyber attacks has led to ongoing changes within the cyber insurance landscape, with the number of cyber attack incidents not the only data point seeing a marked increase. According to a market survey by The Council of Insurance Agents and Brokers, cyber insurance premiums have continued to skyrocket, with an increase of 27.6% in Q3 of 2021. This increase is attributed to the rise in the prevalence of cyber attacks such as phishing, social engineering, and ransomware.
This increased cost comes in addition to other changes being made across the insurance landscape, including reducing cyber insurance coverage for specific (and high-risk) business sectors like healthcare and finance, or even denying reimbursement entirely in some cases. Other insurance providers have insureds go through a stringent process to implement safeguards such as:
These measures not only make things more difficult for companies seeking to obtain cyber insurance but also drive up the costs of coverage considerably. Some providers have taken to offering specific cyber insurance coverage policies as standalones rather than having them bundled together with other types of coverages for companies. In the end, time will tell if the continued rise in costs will reach a breaking point or if government intervention through regulation will change the landscape even more drastically.
A detailed report by Recorded Future shows a growing trend toward “continuous control validation” to maintain a higher level of data security. As attacks evolve and become more sophisticated, the need for continuous security validation takes on greater importance. Regularly testing security measures and implementing new validation methods will continue to play key roles as cyber insurance providers look to provide coverage without leaving themselves unnecessarily exposed.
Risk will continue to be present on the part of both providers and their insureds, so newer processes to mitigate these risks will be an ever-present need. As technology advances, criminals will continue to engineer new ways to exploit security measures and threaten not only the security of sensitive data held by companies but the confidence of the populace at large regarding the safety of their personal information.
Having a combination of detailed security policies, comprehensive cyber insurance coverage, and the assistance of legal representation well-versed in insurance defense remains the best way to lay a strong foundation and prepare for the uncertainties of the future.