How to Navigate the Hardening Cybersecurity Market
Insurance buyers can get a leg up on renewals by understanding how the process has changed amid the global pandemic.
Compared to other insurance coverages, cyber insurance is a relative newcomer to the insurance marketplace. However, as losses have increased in recent years, the cyber market has begun to harden, with rising rates and tighter underwriting criteria.
The onset of COVID-19, and significant increase in both frequency and severity of ransomware attacks, has led to accelerating rate increases and possible restriction of capacity and coverage terms. When it became clear that organizations would be dealing with many of their workers being remote for the foreseeable future, new complexities emerged regarding technology dependencies and how companies can keep their networks and information safe.
The result has been a perfect storm for increased attacks. Global ransomware reports are up 715% from 2019 to 2020, and payments have jumped 60% in value since 2019.
Ransomware claims and losses are expected to continue in 2021, and as a result, carriers have a much deeper focus on underwriting. In particular, carriers want to ensure that appropriate controls are in place for organizations to defend against ransomware attacks. Security access controls, multi-factor authentication (MFA), and business continuity/disaster recovery planning are issues that are top of mind for cyber underwriters in 2021.
With that backdrop, here are four actions insurance buyers should consider as they navigate renewals this year and take these discussions to the C-suite.
Start conversations early and make them inclusive.
Too often, internal renewal conversations only involve talking with your company’s risk managers. Instead, it’s best to include everyone, from information security and information technology experts to C-suite leaders, to ensure your company understands the current cybersecurity environment and its challenges — including how swiftly the market is changing. Start these conversations well before your renewal date to help you gain some control in your overall renewal process. Companies that build in renewal lead time gain an advantage by giving their broker the necessary time to explore all market options to deliver best-in-class coverage and cost outcomes. Additionally, begin discussions with your insurance carrier partners early to understand their challenges and to better understand your goals for renewal.
Figure out your renewal priorities.
For some companies, insurance pricing matters most. For others, the priorities are policy language, coverages, incident response expertise, risk retention or claims handling. Knowing what is top of mind in terms of risk mitigation will help guide you to understanding those priorities, as well as guide carriers to ensure they are meeting your expectations.
If pricing is a top priority, there are carriers that have recently entered the cyber marketplace, unencumbered by ransomware losses and seeking market share with competitive rates. However, established insurers are telling brokers they are looking for 30-50% percent increases for large enterprises and 20-40% in the middle market.
Learn about the evolving underwriting process.
The loss driver during the pandemic has been the increase in frequency and severity of ransomware attacks. This has pushed carriers to focus on underwriting the security controls associated with ransomware. Some are requiring use of coinsurance and/or sub-limits for all losses associated with ransomware events, and in many cases also requiring supplemental ransomware applications. If clients cannot answer these questions in a satisfactory manner, they may risk significant rate increases, coverage restrictions, or non-renewals.
Know that current claims are driving market changes.
The cyber market is changing so quickly, and the increased volume of claims is largely driving the market. Potentially requiring coinsurance, extending waiting periods, and increasing rates are all underwriting options carriers are implementing. The environment is largely reactionary right now, meaning it’s unclear what to expect from carriers in the next year in terms of market changes.
In an evolving cyber insurance risk landscape, buyers need to know how to approach their renewal process to maintain coverage and keep premium manageable. These four actions can help to navigate changes and communicate the changing nature of cyber to the C-suite, which will be critical for risk managers.
 Bitfender’s Mid-Year Threat Landscape Report 2020, page 1
 Coverware Ransomware Marketplace Report, August 3, 2020