Reshaping the Cyber Insurance Narrative

Reducing Severity

With the rise in limit management measures and ancillary coverages restrictions from carriers, we’re starting to see a reduction in severity of events. And soon (in some cases, we’re already seeing it), language will be deployed in the market that addresses large-scale events.

So, in answer to that question we’ve been getting—how do you stop a massive attack from happening? We cannot prevent a cyber event. However, the industry is in a significantly better position to respond as a result of underwriting diligence, technology deployment, and a consciousness of risk aggregation. It’s the principle that seatbelts save lives, not prevent car accidents.

Requirements for business continuity/incident response plans, vulnerability scans, and tools for active monitoring are also emerging. These tools are designed to not only give value to the end-insured, but also provide greater visibility into the security of SMEs, allowing the underwriting process to mirror that of larger insureds.

Carriers now use a pretty broad range of scanning tools, and while we’ve come a long way in a short time, this will only improve. That’s really what we focus on now. Obviously, losses will occur, but the goal is to reduce the severity. And that’s what we’re doing with limit deployment and security deployment overall.

Much Better For It

Looking ahead, there are two key truths: 1. Cybercrime will continue to evolve alongside us, constantly exploring, probing, and even penetrating when the opportunity arises. 2. However, we’ve got the knowledge, the controls, and the policy language in place to respond to cybercrime effectively—and much more strategically than just a few years ago.

Today, as an industry, we are more equipped to respond robustly to cyber threats and can be more confident at the insurance carrier level that cyber insurance is going to respond “in kind,” and in line with the profitability goals of the organization. Will we have to consistently adapt and evolve? Yes. Will it be easy to stay in front of the threats? No. Will there be missteps and/or learning opportunities? Absolutely. But it’s no longer like it was, and we’re all much better for it.

To that end, we can likely expect a hard market for the next one to two years, with insurance companies continuing to tighten controls, cut limits, and experience double-digit rate increases. Capacity is also still going to be a challenge as a whole. That said, loss ratios of existing portfolios should begin to see improvement, and a continued focus on the SME profile should yield advantageous results.

Ultimately, it's time to lean in to cyber insurance, and recognize it for what it has become: smarter, more robust, more comprehensive, and altogether more reliable. Together, we can create an even greater system and safety net, all while reshaping the cyber conversation so that it benefits us when we need it most. At the end of the day, it’s on us to make it happen.


This article was first published by Insurance Business America. View the original article.