Cyber has officially staked its claim as a central player on the global risk stage. In 2020, cyber risk is no longer a matter of IF an incident will happen; it is a question of WHEN. Almost every organization and every person with access to the internet or to connected technology is exposed.
Every business in every sector is vulnerable to cyberattacks and non-malicious cyber incidents. In 2020, we saw several universities suffer data breaches after hackers launched a ransomware attack against Blackbaud - a cloud computing firm that administered the schools’ data, we witnessed tech firm Canon fall prey to a ransomware attack; and social media giant Twitter suffer a sophisticated social engineering attack through which the accounts of celebrities and high profile individuals were used to trick people into sending bitcoin to criminal accounts. And these are just some of the malicious cyber challenges.
While contending with cybercriminals, businesses are also under pressure to shore up their data privacy and protection practices, facing increasingly punitive regulation should they slip up and expose PPI. Furthermore, all cyber challenges have only grown more extreme in the context of the COVID-19 pandemic, which has forced many businesses to adopt remote working practices. With more employees working from home and accessing business networks remotely, commercial and personal cyber risk has grown exponentially.
Insurance Business America’s ‘Cyber Insurance Special Report 2020,’ analyzes the complex and ever-changing cyber risk landscape and corresponding insurance market with the help of four cyber insurance experts: Jeremy Barnett, chief marketing officer at CyberScout; Emy R. Donavan, EVP and global chief underwriting officer at Resilience Insurance; Shannon Groeber, EVP at CFC USA; and Jack Kudale, founder and CEO of Cowbell Cyber.
Optimism and excitement among the experts is high, and naturally so, considering the fast-paced and innovative nature of the cyber insurance market. Groeber (pictured top) made the comment: “The cyber market has evolved more in 20 years than the property market has in the last 200 as we adapt to new threat landscapes. With the increase in frequency and severity of cyber claims happening for businesses in all industries and sectors, cyber insurers are refining what their product should do for clients.”
The universe of insureds is also expanding and diversifying, with more buyers of all sizes and sectors. In particular, the experts identify opportunities for growth in the small and mid-sized business (SMBs) segment, which has traditionally been under-served, as shown by a recent CyberScout study that found that over 69% of small businesses do not have cyber liability coverage. Barnett (pictured immediately above) commented: “Carriers, reinsurers, brokers and consultants should not only see the economic opportunity of catering to the SMB market, but also an obligation to protect them.”
Kudale (pictured immediately below) added: “The SMB market is a perfect fit to drive the digitization of cyber insurance with simplified insurance applications, the use of technology, data, and artificial intelligence to bring speed, accuracy and consistency in the quantification, selection, and pricing of the risk covered. Cowbell’s 2020 research report on the adoption of cyber insurance in the SMB market shows that 65% will likely spend more on cyber insurance in the next two years.”
However, the market also has its challenges. All four cyber leaders acknowledged some troubling claims trends, particularly regarding ransomware, where the frequency and severity of losses has soared in recent years. Donavan (pictured below) said ransomware has now reached “epidemic status – comprising up to 40% of cyber insurance claims – and it continues to get worse, not only in frequency but also in the demands themselves, which have gone from four- or five-figure sums to multimillion-dollar amounts.”
Furthermore, the COVID-19 pandemic has made the threat landscape “significantly more dangerous in 2020 … and expensive,” according to Barnett. The pandemic, with its increase in remote work, has resulted in an uptick in cyberattacks for businesses across all industries. It has also fostered an “environment dominated by fear and uncertainty” for both businesses and individuals, Kudale added, which makes entities easier prey for cyber criminals.