Trends in the Cyber Liability Marketplace

In 2024, most businesses are aware that they need coverage for cyber security risks. But the reality is that the risks are still not insured properly in most cases. In fact, a Munich Re report showed that 87% of risk managers surveyed said that “their company is not adequately protected against cyber risks.”

Cloud technology, generative AI, and the Internet of Things (IoT) have all impacted companies’ reliance on technology. And while in some cases this results in improved cyber security, there also may be more opportunity for hackers to gain access as well as human error.

Having cyber security plans in place is critical. Training your staff, understanding the risks, utilizing data protection tools, and implementing multi-factor authentication are all components of a strong cyber security foundation. But even with all that in place, companies need cyber liability coverage in case of mistakes, malicious acts, third-party issues, and more. Help your clients understand that cyber risks cannot be 100% prevented, and they must be prepared in case the need arises for response, notification, mitigation, and recovery.

The Trends

Email compromise still remains a primary area of concern for cyber risks. Between 2021-23, email compromises caused over $3 billion in losses. Data breaches also remain a high priority for concern, causing an all-time high cost for major breaches at $4.45 million. Around 90% of those breaches included a human factor or error in the loss. And while these concerns are commonly thought of threats, some lesser-known risks are also impacting the marketplace.

Automated Cyberattacks

Automation has been heavily integrated into many business practices, so it only makes sense that cyber criminals would automate their approach too. “Crimeware” is the name for this form of attack, and it is used in a wide array of hacking activities. Stealing passwords, capturing keystrokes, redirecting real websites to malicious websites – these are all activities being automated to perpetrate identity theft through social engineering or stealth.

Prolonged Cyberattacks

Hackers are now incorporating methods called “heavy campaigns” to try and test systems and find vulnerabilities over time. One such method is known as a distributed denial-of-service (DDoS) attack. This occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A DDoS attack uses more than one unique IP address, often from thousands of hosts infected with malware.

Social Engineering

Human error is still a main driver for breaches, so it only makes sense that social engineering – the name for the manipulative practices that cybercriminals use to gain access to sensitive information – continues to grow. Phishing (fake company or organization emails or texts requesting secure info) is the most commonly known form of this, but hackers have elevated the sophistication of these scams to new levels with coordinated email, text, and even phone calls that seem to validate the information they’re requesting. For smaller businesses, attempts to request money by wire or digital currency are constantly occurring, and unfortunately with some degree of success.

War and State-Sponsored Attacks

A new reality of global politics is cyber warfare. And this doesn’t always mean hackers are targeting government entities and networks. Often, the goal is disruption of networks, access, supply chains, and sometimes even just instilling fear & doubt. This can impact many companies that are involved or connected to the overall network in any way, regardless of their “value” as a political target.

The Marketplace

The market for cyber insurance hit $14 billion in 2023 and is projected to more than double by 2027. Frequency, severity, and sophistication of attacks has driven rates up in the market, although capacity still seems to be favorable with the exception of certain industries (e.g., education, manufacturing, and municipalities).

Acquisitions have also been large in the space, with Travelers purchase of cyber MGU Corvus as just one example of the changing landscape. It is highly likely that carriers’ interest in cyber will continue to grow and evolve over the next few years.

At QuoteWell, our team is well-versed in cyber liability risks and can help you find appropriate coverage. Let’s discuss a partnership approach to help you find your clients the best placement for their cyber risk.

Source: https://www.munichre.com/en/insights/cyber/cyber-insurance-risks-and-trends-2024.html