The report by global insurance firm Aon plc predicted that rates would jump by 20% to 50% this year due to two main factors:
1. Cyber attacks are becoming more frequent
While publicly disclosed data breach/privacy incidents are actually occurring less often, ransomware attacks are exploding in frequency.
When measured over periods of four quarters, ransomware incident rates rose 486% from the first quarter of 2018 to the fourth quarter of 2020. The comparable rate for data breach incidents fell 57% during the same period. The incident rates for the two types of events combined rose 300% over the trailing two years.
2. The costs of these attacks are growing
The average dollar loss increased in every quarter of 2020.
Ransomware attacks were particularly severe – many of them resulted in eight-figure losses. Others may grow to that level as business interruption losses are adjusted and lawsuits against insured organizations proceed.
The combination of more frequent and more costly losses is a recipe for higher rates.
Cyber insurance rates continued increasing in 2020, rising between 6% and 16% in the last four months of this year.
In January 2021, most of the top 12 cyber insurance companies told Aon they were planning more drastic rate hikes. Nearly 60% reported that they would be seeking rate increases of 30% or more during the second quarter. None of them expected increases less than 10%.
New underwriting criteria
Some insurers may also cap how much they will pay for ransomware losses, or even exclude them entirely. They may also increase the waiting periods before coverage begins to apply.
WHAT BUSINESSES CAN DO
To improve your chances of getting more favorable pricing and coverage, the report recommends that you focus on:
- Reducing the risk of cyber losses.
- Measures to keep data private.
- Building an internal culture of cyber security.
- Preparing for ransomware attacks and disaster recovery planning
- How your contracts and insurance will respond to a supply chain security breach.
- Understanding primary and excess coverage terms and communicating primary terms to excess insurers.