With the COVID-19 pandemic causing widespread adoption of remote working practices, 2020 was a watershed year for cyber insurance.
According to Marsh’s Cyber Insurance Market Recap – Australia 2020, increased awareness helped fuel 20% growth in the amount of cyber insurance policies placed compared to the previous year, while total premium placed grew by 51%. It’s a trend that looks set to continue in 2021, said Kelly Butler (pictured), cyber practice leader at Marsh JLT Specialty.
“As companies evolve their understanding of cyber risks and exposures, both the demand and need for bespoke cyber insurance continues to grow,” Butler told Insurance Business.
Though the Australian government and regulators are similarly cognisant of the growing need for cyber security, the damage wrought by cyberattacks is unlikely to tail off anytime soon. A recent report from Trustwave found that the Asia-Pacific region was the most impacted in terms of malicious data breaches.
“Generally speaking, data breaches often occur as a result of human error,” Butler noted.
“Someone might click on a wrong or suspicious link or send something to the wrong destination – things that could be remedied to a certain extent through education. As it stands, data breaches don’t tend to grab the headlines, though, and so the average person might not be aware of how serious these can be.”
So, what do the headlines focus on, then? In Butler’s experience, it’s ransomware.
“If you look at the frequency of cyber claims across the globe, they actually went down in 2020, yet claims severity increased significantly,” she said.
“What’s driving this is, in part, a large increase in ransom demands through ransomware attacks. Average ransom payments have risen dramatically in Australia and New Zealand over the last year as malicious actors have become more sophisticated – whereas they used to be looking for a vulnerability, now they’re much more targeted in their approach and goals.”
Indeed, as the sophistication and scope of cyberattacks has extended beyond mere data breaches, the risk of “silent cyber” exposures has risen.
“Traditional insurance policies like property cover haven’t specifically mentioned cyber risk, but it’s still been contained there silently,” said Butler.
“What the industry is concerned about, then, is that these traditional policies may be on the hook in the case of something like cyber-triggered property damage, since it might not have been specifically mentioned in the policies’ exclusions.”
To help combat this confusion and preserve insurer solvency, Lloyd’s issued a mandate last year for traditional insurance policies to either expressly cover or exclude such silent cyber exposures. It’s one of the topics that Butler, as part of Marsh’s thought leadership team, is keen to get ahead of.
“We’re talking to clients to get them to understand and quantify their key exposures and risks before they begin looking at cyber insurance,” she said.
“Once we’ve identified these exposures, then we can offer them bespoke insurance solutions while continuing to work with IT companies and vendors so that when there is an issue, they can address it promptly.
“Given that the cyber team here has grown from just myself to a group of nine in only four years, it’s clearly a priority for both Marsh and our clients.”