The cyber insurance market in Canada is evolving rapidly, and Michael McCallum, cyber underwriting leader at AXIS Insurance, has shed light on some of the trends and challenges facing the industry today.
In an interview with IBTV, McCallum highlighted the continued rate increase seen across the board as a result of the increased claims activity throughout the past year. He said insurers have also set a new standard or minimum baseline set of risk controls across their portfolio of insureds, with improvements aimed at enhancing cyber hygiene and protection against exposures.
When taking these two points into consideration, insurers should feel “much better about their premium pool to fund losses for 2023, but also much better about how insureds are handling and protecting against their exposures,” McCallum said.
The Canadian cyber insurance market is also becoming more competitive, McCallum said, with more capacity entering the market.
“We've already seen some trends of more capacity entering into the Canadian market, whether that be from markets who hit the pause button on cyber over the past couple of years and are now reengaging or from new capacity entering into the Canadian marketplace and they see a tremendous amount of opportunity,” he said.
In light of this growth, McCallum stressed the importance of ensuring that the market follows through on its commitment to improving cyber as a “specialty product that requires specialty expertise,” as well as maintaining its sustainability “for many years to come.”
“It's certainly been a deliberate action from AXIS over the past couple of years, and we're expecting big opportunities and very excited for the growth potential in 2023,” McCallum said.
When asked about the biggest cyber risks facing brokers and customers, McCallum highlighted catastrophic and systemic cyber risk as a major industry concern.
In Canada, he specifically identified the changing regulatory environment on both the provincial and federal levels as a challenge.
Ransomware also remains a “top threat” for the cyber market, McCallum said, noting the way that the ransomware model has been evolving.
The model began with encrypting data to extort a payment but has since moved to what McCallum described as a “form of double extortion,” where hackers not only encrypt the information but also exfiltrate and control it.
McCallum also touched on how AI technology enhancements might change ransom and malware, especially as AI for deepfakes and mimicking voices becomes easier to access.
A recent ransomware attack on bookstore chain Indigo compromised its employees’ personal information, including their email addresses, phone numbers, birth dates, home addresses, social insurance numbers, and direct deposit information.
In preventing similar attacks, McCallum emphasized the importance of employee cybersecurity awareness training, calling it the “best first line of defence.”
“If businesses can educate their employees not only how to spot phishing attempts, but also on general cyber security concerns and trends, I think that really goes a long way,” he said. “The key thing is to make sure that it's ongoing and embedded within the company.”
Learn more about the cyber insurance market and watch the full interview with Michael McCallum here.
