January 6, 2023
Over the past decade, Cyber Insurance has slowly moved to the forefront of an organistaions robust risk management strategy, with firms increasingly eager to implement this product into their insurance portfolios. As reported by P&S Market Research Global, the global Cyber Insurance market could reach £14bn throughout 2023 with a compound annual growth rate of over 20%.
Below I have noted 6 trends we will see in the Cyber Insurance industry in 2023. How will this impact your Cyber Insurance strategy in the new year?
Throughout 2022, we experienced innovative underwriting techniques used to scrutinise the plethora of inbound risks, with underwriters utilising scanning technologies to identify cybersecurity vulnerabilities within an organisation. This contrast with traditional methods and allows the underwriter to understand the risk in greater detail.
In 2023, insurers will move away from proposal form-based presentations and transition into more intrusive underwriting, utilising new technologies and Artificial Intelligence to accurately determine risk value. This will be especially common for many start-up companies looking to disrupt the insurance market.
2022 a lot of new entrants into the Cyber Insurance market with MGAs establishing themselves among the traditional insurers. From a speciality wholesale brokers standpoint, this is the most competition we have seen in the market. This level of competition allows for a variety of options for the insured upon implementing cyber or when looking to move at renewal. This year, I anticipate this trend to continue with plenty of new entrants coming to market along with existing insurers widening their appetite with larger line sizes and entering the primary insurance space.
Increased competition breeds lower premiums. In 2023 I predict that rates will start to even out, and the industry will not revert to previous trends by increasing premiums. With more competition, improved loss ratios, in-depth underwriting, and improved risk management amongst applicants, I can only see the large increases of the past begin to stabilise.
Baseline Security Requirements Strengthened
With the increasing sophistication of ransomware attacks and despite improvements in cyber hygiene and risk management over the past decade, insurers have become more demanding in their minimum security requirements to obtain coverage. No longer are firewalls and antivirus enough to obtain coverage. In 2023, we will see the continuation in demand for best-in-class cyber security controls including Multi-Factor Authentication, use of VPNs in remote access and Endpoint Detection & Response along with mandatory Privileged Access Management and ongoing vulnerability scanning and detection.
Covering 36% of cyber claims, Funds Transfer Fraud overtook Ransomware as the primary source of Cyber Insurance claims in 2022 - reported by Corvus’ Risk Insights Index. However, with significant threats such as Ryuk, BitLocker, Royal, and WastedLocker, alongside the emergence of 'Ransomware-as-a-Service' (RaaS), attacks have become more sophisticated in evading cybersecurity controls. For this reason, I expect Ransomware to be in prime position for the top spot for cyber claims in 2023.
Increased Cyber Regulation
Throughout 2022, we have seen increased client contracts requiring certain limits of Cyber Insurance. Market forces demand risk management and insurance protection from their suppliers, vendors, and clients. In 2023, I predict less reliance on a laissez-faire, free-market approach, with regulators across many sectors looking to impose a minimum level of cyber insurance and risk management across their members.
In October 2021, the SRA amended their minimum terms and conditions for Solicitor’s Professional Indemnity cover that requires insurers to make it visible that cyber exposures are not covered by Professional Indemnity policies! This is not imposing cyber insurance on their members. It is making it clear that there is a real exposure that needs to actioning. In 2023, I anticipate this is replicated across other regulatory bodies and there should be a serious discussion on whether cyber protection should be mandatory.
As with all articles on trends and predictions, this is not an exhaustive list - there will be plenty of variables and driving factors that will affect the Cyber Insurance industry in 2023. However, one theme that has remained critical is the need for Cyber Insurance in a firm's insurance program.
Should you require assistance in placing a cyber risk in the London or Lloyd’s market, feel free to get in touch!
Written by George Grimshaw
Cyber Insurance Specialist - UK & International