The COVID-19 pandemic spurred a surge in ransomware attacks and data breaches across the globe, profoundly impacting the cyber insurance industry. According to data analytics firm Statistica the number of global ransomware attacks grew from 188 million in 2019 to 304 million in 2020. By the end of 2021, Cybersecurity Ventures estimates global ransomware damage costs will skyrocket to $20 billion representing 57X more than it was in 2015.

In response, more and more businesses are taking out cyber insurance policies to mitigate risk. A U.S. GAO report reveals cyber insurance take-up rates at one major carrier rose from 26% in 2016 to 47% in 2020. Indeed, global insurance company American International Group has seen a 150% increase in frequency for ransom and extortion claim notifications since 2018.

Faced with increasingly frequent and costly reimbursements, cyber insurers are raising premiums and limiting payouts just when businesses need insurance the most. According to an Insurance Journal article cyber premiums in the U.S. and Canada jumped 29% month-over-month in January 2021, 32% in February 2021, and a staggering 39% in March 2021.

Most insurance companies are slashing limits, adding policy exclusions, raising retentions and waiting periods, and instituting other restrictions. Some providers like AXA have eliminated ransom reimbursement benefits altogether. Most insurers have introduced strict underwriting guidelines, which can drag out application and renewal processes from days to weeks or even months.

Gone are the days when insurers issue policies with few questions asked. Today, underwriters are more discriminating than ever, often denying coverage to high-risk applicants. The days of “one-size-fits-all pricing” and easy discounts are over. These days, underwriters scrutinize each applicant’s risk profile and price policies accordingly.

Most underwriters take a close look at a policyholder’s security systems and practices to assess risk. They often use open-source scanning tools like OpenVAS and OpenSCAP to probe customer networks for vulnerabilities and leverage security rating services like SecurityScorecard and BitSight to evaluate risk. Many partner with outside cybersecurity firms to vet customers.

This whitepaper provides an overview of the criteria underwriters typically use to assess cyber risk, grant coverage and price policies. It provides tips for improving cyber readiness and streamlining the application process. And it explains how the CyberArk Identity Security Platform can help you quickly strengthen your security posture, address underwriter concerns and contain cyber insurance costs.

 

Continue Reading