Words of wisdom from our business insurance experts.
The short answer: an increase in cyber-attacks and a surge in demand for cyber insurance.
The long answer: let's begin with some fundamentals...
How are insurance rates created in the first place?
Somewhere in an office there's a team of people (and robots) calculating a myriad of numbers like historical data, premium dollars written, losses incurred, and some other nerdy things that establish how profitable an insurance company is. The technical industry term for this is often called the insurance companies "Loss Ratio". If their book of business is generating less premium dollars relative to the losses they are paying (ie, a bad ratio), then they start increasing their rates to cover their losses and restrict adding business to their books. It's an extremely complex process, however, the concept is simple - insurance providers need profits, so if they are losing money, the best way to make it back is by increasing their prices (ie, rates).
Today (it's February 2022, by the way) most insurance companies providing cyber liability have extreme anxiety. There's two things happening that create this -- an increasing demand for cyber insurance and an increasing number of cyber-attacks. Insurance companies take on a lot of risk with cyber insurance, especially considering the unpredictable world of technology, creative hackers, and bad people.
It's not if an attack will happen, it's when.
Cyber-attacks are expected to cost the world $10.5 trillion annually by 2025. Yes, that is the letter T, and it's certainly proving to be the case as attacks are occurring more often. In fact, in 2020 alone, ransomware attacks increased by 150%. This is due in part to the creativity of hackers, the advancement of technology, and more employees working from home. As employees work from their own computers and WiFi networks, ultimately sharing more data remotely through cloud apps, the number of security blind spots balloons.
Here are a few interesting facts about cyber-related crimes over the past 2 years:
- 91% of all cyber attacks happen from emails (Deloitte)
- There's a ransomware attack on business every 11 seconds (Cyber Security Ventures)
- 44% of data breaches we caused by malicious employees (Verizon)
- The average cost of a ransomware attack was $1.27 million (HHS Cybersecurity)
- The most targeted industries in 2021 were financial services and healthcare (IBM)
If you're a business owner, then you may be thinking "wow, these numbers are alarming, I should probably get cyber insurance." As more cyber attacks occur, more people will consider cyber insurance to protect their assets, and more insurance carriers will underwrite these policies. The problem with the overwhelming demand for cyber insurance today is the lack of experience some insurers have and the issue of 'biting off more than they can chew'. Adding new clients to an insurance providers book of business may seem like a good thing for business, however, if more cyber attacks continue to happen, then this influx of business may expose some of the largest insurers.
The uptick in cyber attacks, especially with high profile companies, has caused a media frenzy bringing even more awareness about this issue. For example, hackers took down the largest fuel pipeline in the U.S. which garnered weeks of coverage by mainstream media exposing the dangers of ransomware. More and more stories are coming out about cyber-attacks and it's causing more people to wake up and think about insurance. This is great and all, however, it puts the insurance companies in a tough position as they cap the number of policies they can underwrite each year. This prevents them from over-extending themselves and risking bankruptcy from too many claims at once. When carriers start reaching capacity, they are forced to increase rates.
If it's too good to be true, then it probably is.
As a firm specializing in cyber liability and data breach insurance, our team is beginning to see a pattern with insurance providers on the web that my be alarming. Today, there are over 30 insurance companies providing coverage for cyber-related issues. A lot of them go directly to the customer and make the process easy, fast, and well, cheap.
The average business owner or executive doesn't have the time to read a 50+ page policy or study the policy language that ultimately covers the risk. As we discussed above, insurance companies are in the business of making money and would rather not pay a claim if they don't need to. Are you reading between the lines? Many businesses learn the hard way that the great price they were paying for coverage didn't actually provide them with the coverage they needed.
To avoid this panic attack, you should work with an advisor who has partnerships with the most credible insurance companies, and one that specializes in cyber liability. Further, they should discuss the exclusions and policy language to ensure there are no gaps in your policy. Sure, you may end up paying more for a premium insurance policy, but you can sleep better at night knowing it will actually protect you when an attack happens.
If you're interested in learning more about cyber liability insurance, feel free to check out our cyber insurance page explaining everything in detail.
Prefer to speak with an advisor directly to learn more? Reach out to Fullsteam Insurance today.