Staying on top of cyber risks can be daunting, as threat actors evolve their methods and cyber insurance coverage becomes increasingly complex. Cyber insurance coverage is an important protection in the event of a security or privacy incident, but it is not the only protection. Policyholders also should protect themselves by monitoring trends in cyber risks, legal developments in cyber insurance coverage and potential cyber-related issues under other types of insurance coverage.
Cyber risk trends
Ransomware attacks are still considered the top threat to companies. According to the U.S. Treasury Department, banks and financial institutions flagged more than $1 billion in ransomware-related transactions in 2021, and that number likely will increase. The increase in ransomware attacks has resulted in increased premiums, more stringent underwriting practices and reduced capacity for some industries.
Business email compromise
Business email compromise (BEC) is a growing problem whereby threat actors target organizations by hacking company emails and making what appears to be a legitimate request for funds or information. The FBI issued a congressional report on BEC in 2022, noting that “BEC schemes often involve the spoofing of legitimate, known email addresses or the use of a nearly identical address” in order to transmit “false wire instructions from a criminal attempting to redirect legitimate payments to a bank account controlled by fraudsters.” These scams are evolving to include spoofed emails, purportedly from company CEOs, vendors, and attorneys, that request W-2 and other personal employee information or try to divert payroll funds. In 2021, losses associated with BEC-related complaints in the United States exceeded $2.4 billion, up from only $360 million in 2016. That number is likely to keep growing.
A recent report by insurance broker Marsh confirms that phishing and social engineering attacks are among the most common cyberattacks experienced by organizations. These attacks induce people to unintentionally reveal confidential information or allow threat actors to bypass network security. Although ransomware often tops the list of organizational concerns given the potential for huge losses, phishing attacks are becoming more frequent, more creative and more elaborate, and are often a precursor of a ransomware or other attack.
Cyber insurance goes mainstream
Ten years ago, cyber insurance was a niche market, with relatively few carriers offering it, and few companies using it. Now, most businesses carry cyber insurance. A recent report issued by insurance broker Marsh, in connection with Microsoft, shows a 14 percentage-point increase in organizations carrying cyber insurance—from 47% to 61%—since 2019. As cyber risks move to the forefront and cyber insurance increasingly becomes a standard part of businesses’ risk management portfolio, this percentage likely will increase in the coming years.
Continued premium increases
Prices for cyber insurance coverage increased rapidly in 2019, and while premiums have stabilized somewhat since 2021, they remain high. As a result of the frequency and severity of ransomware and other attacks and continued economic volatility, many insureds are seeing cyber-risk policy costs continue to rise.
More entering the market
A midyear report by insurance broker Aon states that new carriers are entering the market, thereby creating more cyber insurance coverage choices. New insurers entering the market may help to stabilize premiums and provide options for increased program limits for large companies.
As companies work to ensure that their cybersecurity programs keep up with ever-changing risks, the use of artificial intelligence (AI) in cybersecurity is increasing. AI and machine learning tools for cybersecurity can help to identify and analyze millions of different events and pinpoint specific threats that might affect a given business. Over time, machine learning allows AI-based tools to flag risky behavior, identify new risks and attacks, and respond when cyber events deviate from specified protocols. A new report from Capgemini Research Institute suggests that use of AI is expected to increase in the coming years, especially in response to AI-powered cyberattacks. As machine learning becomes commonplace, and hackers use AI to expand their reach, use of AI to shore up cybersecurity is likely to increase as well.
- Ransomware is viewed as the biggest threat, but phishing and social engineering are the most common cyberattacks.
- Losses from email targeting were $2.4 billion in 2021, up sevenfold from 2016.
- Premiums for cyber insurance rose in 2019 and remain high.
- Traditional forms of insurance may cover certain losses arising from cyberattacks.
- Courts are ruling both ways on whether traditional insurance applies to cyber events, based on differences in policy language and applicable law.