As ransomware attacks proliferate, a number of issues have arisen for cyber insurers that need to be addressed quickly.
The ever-increasing number ransomware attacks has created a dilemma for those in the cyber insurance industry. With premiums skyrocketing, coverage limited and insurers struggling to earn revenue due to costs and the growing number of claims, something needs to be done. Because of these factors, organizations are looking for new risk assessment methods to better evaluate the cyber insurance market, according to Panaseer’s “Report on 2022 Cyber Insurance Market Trends”.
As part of the report, 400 global insurers were surveyed to discover the challenges the market faces and possible solutions to realize a healthy cyber insurance market.
“Cybersecurity insurance is an effective way for organizations to transfer their cyber risks and reduce the impact of threats and vulnerabilities,” said James Graham, VP of Marketing at cybersecurity firm RiskLens. “The core exercise in assessing cyber risk for insurance purposes therefore remains to quantify the likelihood and financial impact of cyber threats.”
TO SEE: Mobile Device Security Policy (Tech Republic Premium)
Problems with the current cyber insurance model
With many resources that a year-over-year increase in ransomware attacks, there are several issues with the way cyber insurance works. Insurance organizations struggle to correctly assess the risks surrounding their customers and usually have limited access to their customers’ data.
Some of the reasons why premiums have increased over the years were:
- Increasing sophistication of cyber threat actors
- Rising costs of ransomware attacks (e.g. higher ransom)
- Inability to accurately understand a customer’s security posture
Due to these factors, the price of coverage continues to rise. According to the survey, 82% expect cyber insurance premiums to continue rising over the next two years. In 2020 alone, 66.9% of the top 20 insurers saw loss ratios, with the number of attacks only increasing as one of the side effects of the COVID-19 pandemic. The areas that made the most cyber claims were manufacturing, financial services, and healthcare, indicating the need for rapid change to support these three critical infrastructure components.
The good news, despite the financial losses that the top cyber insurance providers have suffered, is that those in the industry believe that existing risk models are solid. Nearly every respondent in the survey (91%) said they are confident in their underwriting process, but changes are still needed to make sense from a financial standpoint.
Solutions to Cyber Insurance Problems
One potential solution for the industry as a whole suggested in the report was to transform how security attitudes are measured during the adoption process. According to Panaseer’s findings, 87% believe it is important for the industry to develop a consistent approach to analyzing a customer’s cyber risk using accurate security metrics and measures.
Another possible answer is that insurers will have more access to their customers’ information. A majority (89%) of companies surveyed said they find it valuable to have instant access to customer statistics and measures that demonstrate the status of their security controls.
Graham suggests companies should use RiskLens’ on a larger scale Factor analysis of information risk (FAIR) model, to provide more clarity on the costs of cyber insurance. Through this model, organizations would view enterprise cyber risks in their entirety and challenge and defend cyber risk decisions using an advanced risk model.
“The FAIR cyber risk quantification model is designed to provide insight into the cost of cyber risk, information that should be at the heart of any insurance assessment or purchase,” Graham said. “In fact, organizations around the world are already using FAIR to assess their cyber risk in practical terms and make security decisions – including insurance coverage – based on the business terms provided by FAIR assessments.”