The price of cyber insurance cover grew by 130% in 2021, but any organizations expecting respite will be disappointed. The majority of insurers in a NAIC survey (82%) expect cyber insurance premiums to continue rising over the next two years. This is to be expected given the current loss ratio on cyber insurance policies.
A Losing Game
According to the NAIC, the top 20 cyber insurers in the U.S. saw loss ratios averaging 66.9% in 2020 (the most recent year for which data is available). However, three of the insurers in the group saw losses exceed 100% of their total premiums. In comparison, none of the top 10 car insurers in the US saw loss ratios above 75% in 2021.
While increasing costs are inevitable, it will likely mean some organizations look for alternative options. “Rising premiums are causing organizations to question the value of cyber insurance,” says David Fairman, CIO and CSO at Netskope. “It’s just becoming too expensive.”
He believes organizations need to make a decision based on their own operational resiliency. “If you’ve built a very resilient organization, and you’re confident it could absorb an impact and recover, do you really need insurance at that point?” says David.
Taking a Gamble on Self-Insurance
This is leading to a growing trend for self-insuring, where organizations set money aside to cover themselves should they suffer a breach. “This is happening more and more because premiums are ridiculously expensive,” says Andreas Wuchner, a cybersecurity and risk expert. “Organizations are instead investing in improving their own security rather than making the insurance companies rich.”
Despite the losses made by several of the top U.S. cyber insurers, confidence appears to be high that existing risk models give an accurate picture of a customer’s security posture. In the survey, 91% of total respondents said they have faith in their underwriting process.
But there are indications that many in the industry know a different approach is needed. While 46.5% said they are ‘very confident’ in their underwriting process, 44% are only ‘somewhat confident’. This lack of confidence in risk modelling among a minority of insurers could cause some to exit the market altogether.
Learn the Rules of Play
On whichever side of this debate you find yourself, if you would like a current, up-to-date and relevant review of the cyber-insurance market State-of-Play, tune in to Lynn Peachey on CyberEd.io when we launch.
Lynn is the head of business development at Arete Incident Response and a CyberEd.io instructor who has put together some informative courses where you can learn all the facts about cyber insurance that can impact your business. Lynn holds adjuster licenses in multiple states, earned her law degree at Pace and is admitted to the NJ and NY Bars. She is also CIPP/US certified.
Register now to join our newsletter and become eligible for cool contests, deep discounts and CyberEd swag.
Managing Director, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.