Ransomware is one of the most pressing issues for cyber insurers today. In the past five years, the average ransom demand has shot up from $15,000 to $175,000 – an almost twelve-fold increase – according to the NetDiligence® 2021 Ransomware Spotlight Report. Furthermore, ransom demands crossed the $1 million threshold in 2018 and the $3 million threshold in 2019, and publicly available data indicates that they crossed the $50 million threshold in 2020 – although this amount was likely negotiated down.
As hackers become more opportunistic and more strategic with their cyberattacks, they’re realizing that they can extort large organizations for seven-figure demands. At the higher end, these demands are eating up cyber insurance limits and leaving carriers and insureds out of pocket. The severity of these incidents came to a head in 2020, and the cyber insurance market has been taking the necessary steps to react.
What does this mean for insurers?
Every insurance company is reacting to the ransomware boom in its own way, but there are some commonalities, according to Ari Giller, Vice President of Cyber & Tech Underwriting at Tokio Marine HCC – Cyber & Professional Lines Group.
The first thing that most insureds will notice is that cyber insurance pricing has risen over the past few years. According to Giller, the average cyber insurance premium increase for 2020 and 2021 is between 35% and 40%. Multiple factors are driving these rate hikes, one of which is the rising frequency and severity of ransomware demands, which are taking their toll on carriers’ bottom lines.
“The cyber insurance market has been severely underpriced for many years – at least since I started underwriting cyber nine years ago,” said Giller. “In a soft market, there are numerous competitors who are trying to eat up market share, so the focus is on who has the best price for the best coverage. Now, carriers have realized that there is significant exposure, and they need to increase their rates to commensurate. To many, these price increases seem lofty because, in the past, the product line has been significantly underpriced for the exposure.”
Beyond premium hikes, some carriers have started sub-limiting cyber extortion and ransomware, meaning that policyholders will only be able to claim a fixed amount for all of their breach event costs, forensic costs, legal costs, cyber extortion payments, and so on. Furthermore, some insurers are applying co-insurance provisions, forcing insureds to share more of the risk.
“We’re also seeing stricter underwriting guidelines,” Giller added. “Underwriting cyber is no longer just checking a few boxes – revenues, record count, a brief list of controls, no claims – and then sending out the quote. The underwriting process has become much more intensive, especially with regard to verifying ransomware controls and understanding each insured’s unique exposure. Carriers are also being more cautious in managing their limits. With ransomware demands sometimes reaching eight figures, we’ve seen many carriers dropping their capacity on any given line.
“With rate increases, coverage reductions, and various new limitations, we have seen a hardening in the cyber insurance market, and I believe that’s going to continue through 2021. There’s going to be a lot more limit on supply in the cyber insurance market.”
While Giller does not contest the need for rate increases and more disciplined underwriting in the cyber insurance market, he describes these changes as “short-term solutions.” The long-term goal of the Tokio Marine HCC – Cyber & Professional Lines Group is to raise awareness of ransomware and other cyber threats, and to help insureds improve their cybersecurity posture.
“We really want to stress and prioritize the partnership between the insured and the carrier,” Giller told Insurance Business. “We don’t want to be seen as just a risk transfer solution; we want to be a partner in our insureds’ risk management practices.”
Tokio Marine HCC – Cyber & Professional Lines Group works with leading cybersecurity and cyber risk management vendors to help its insureds secure their systems and achieve “best practice” status. In October 2020, the group announced an arrangement with CrowdStrike, a leader in cloud-delivered endpoint and workload protection. CrowdStrike’s endpoint protection offering through Tokio Marine HCC – Cyber & Professional Lines Group allows insureds to address the increasing risk of ransomware attacks and other sophisticated threats.
The group also works closely with OneIT, a leading managed services provider, to offer insureds multi-factor authentication through Cisco’s Duo, as well as secure, off-site backup and recovery for their vulnerable data with Datto – both equally critical elements in policyholders’ ransomware-readiness strategies. All of these services are offered to insureds at reduced rates.
“We want to be proactive and provide preventative solutions for our insureds that augment their existing security approach,” said Giller. “We’re happy to jump on a call with our insureds at any time to walk them through any cyber vulnerabilities that we’ve identified and how they can mitigate them. Prevention really is the best cure.”