As the cyber market matures, it’s increasingly evident that fighting off cyberattacks is going to be an ongoing team effort. Brokers, carriers, cybersecurity organizations and insureds all play a role, from security to training to assessing adequate coverage.
According to the latest Cyber Insurance Outlook report from Arctic Wolf, the risk of cyberattack has become a part of daily operational concern for many organizations. Yet growing awareness of how organizations can protect themselves from attacks and loss still poses a challenge to the insurance industry.
Seventy percent of insurance professionals responding to this most recent survey (77% of brokers and 63% of carriers) expect the number of new cyber claims to increase, mainly because of steadily growing threat activity.
The Cyber Coverage Gap
One figure the Arctic Wolf report highlights is the discrepancy between cyber coverage figures provided by brokers and those supplied by businesses. While brokers estimate 47% of organizations have the coverage they need, 65% of responding organizations claim they are covered in the event of a cyberattack.
The report hypothesizes that businesses are unaware of the extent of their coverage or what specifically is needed. This 20% gap could represent an opportunity for brokers to reassess clients’ needs and make recommendations for additional protection and mitigation.
Insurers may also initially reject clients for cyber coverage because they have inadequate security controls in place (26%), lack financial stability (21%) or can’t supply the insurer with enough information (21%). While brokers are most likely to reject a client because of financial instability (23%), carriers are more likely to ding potential insureds for missing security protocols (32%).
Cautious Cyber Claimants
In the past year, 12% of clients with cyber insurance made claims, with ransomware accounting for 18% of those claims. Other common claims included data breaches, theft of funds and phishing incidents, including business email compromise.
However, clients who make claims may find that their rate increases because of a claim (66%) or that they face increased scrutiny during the renewal process (56%). Seven percent reported that they were asked to implement additional controls as a condition of renewal, which could include additional training, upgraded security, or other measures.
Insureds may also have claims rejected because they fall outside the terms of their policy (25% of rejections), their coverage was less than the total claim (19%), the incident fell below the client’s self-insured retention (18%), the incident failed to disclose risk on the client’s application (17%), or the incident was deemed gross negligence.