Data from the National Association of Insurance Commissioners (NAIC) identified that the number of cyber-attacks has not just simply increased throughout the pandemic but the success rate of the attacks has increased too.
During the session ‘The State of the Cyber Market and the Captive Solution’ at the Vermont Captive Insurance Association (VCIA), it was outlined that cyber is increasingly an emerging risk and can have huge ramifications for businesses.
Remote working models have increased due to the pandemic, which has increased companies’ vulnerability to cyber attacks.
Cyber insurance has become increasingly popular due to the increased vulnerability companies face. This insurance is a form of cover designed to protect a business from threats in the digital age.
Aaron Hillebrandt, principal and consulting actuary, Pinnacle Actuarial Resources, said: “NAIC wants everyone to know that the cyber insurance policy that you have may differentiate between company-owned equipment and employee-owned equipment.”
He explained: “With remote work if you have a ‘bring your own device policy’ then you really need to understand what the cyber policy says about that because potentially the ‘bring your own device’ coverage could be much more limited or even excluded entirely.”
Further to this, Ponemon research found that 54 per cent of organisations required remote work during the pandemic, and 76 per cent of participants said this meant it would take a longer time to identify and deal with a breach, and 70 per cent said remote work would increase the cost of a data breach.
Of this, Hillebrandt said this shows more signs of costs escalating.
“Previously I would have said this rate level was driven by competition rather than risk. Rate levels were going down so companies could write more cyber as the market was expanding. So now because of that, and because of all the changes throughout the pandemic, the rate level is really struggling to catch back up,” he said.
According to Hillebrandt, there will be rate increases coming for a while and remote work certainly complicates that issue.
Hillebrandt also looked at Travelers as just one example of all the companies where the rate level was going up. “Even though Travelers may have a big reputation for cyber, that's a very small part of what Travelers is as a whole,” he noted.
“Now if you're looking at putting cyber in your captive or if you're already doing that, the cyber exposure may be much more significant to the captive than it is to a commercial carrier.”
“So, the takeaway here is: whether it's your captive’s actuary or broker or another source provider, all of them really need to be on top of what's happening in the cyber market or with any emerging risks so they can make sure that the captive is up to date on what they need to do to address that risk, it's not a coverage to be complacent on.”
Elsewhere in this panel session, the speakers discussed the hot topic of ransomware. Aarti Soni, Esq, cyber director, McGriff, noted there has been a huge uptick in ransomware attacks in the last 12 to 18 months.
“So much so that the cyber insurance market insurers that are participating in cyber coverage are trying to find ways to contain their exposure,” Soni explained.
Just in the last seven or eight months, there have been attacks on the CNA, SolarWinds, Microsoft Exchange, Colonial Pipeline, and JVS.
Soni said it is difficult to determine the cause of a lot of these attacks, but they're increasing in frequency and severity, meaning that the demands are getting much higher now they're into the seventh, and eighth figures, and occurring more often.
Another notable aspect of the cyber insurance market right now is the regulatory environment.
Soni explained regulation has expanded since the general data protection regulation (GDPR) in 2018 and noted $332.4 million fines have been imposed under GDPR.
Meanwhile, 128 out of 194 countries have enacted data privacy regulations.