According to a recent report, two separate CEOs of major insurance giants have remarked in recent weeks about a considerable jump in cyber insurance premium prices – as much as 40% – in large part due to the rise in ransomware claims. And those price increases may still not tell the whole story.
The report in CyberScoop (Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up, written by Tim Starks – hat tip to Sharon Nelson’s excellent Ride the Lightning blog for previous coverage) stated that AIG’s chief executive said rates increased by 40% for its clients, while Chubb’s chief executive said that company was charging more, too.
Rather than welcoming the trend, Chubb CEO Evan Greenberg offered a warning. Those price increases, he said, still don’t reflect the grave risk that a catastrophic cyber event poses. “That is not addressing by itself the fundamental issue,” he said.
A significant driver of the huge price increase is ransomware. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency AM Best. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. A lack of profitability could lead to yet more premium increases, insurers fleeing the cyber insurance market or policyholders receiving more limited coverage.
Even before the rise of ransomware, though, many analysts maintained that cyber insurance was particularly difficult due to an absence of historical data that complicated the kind of risk forecasting the industry typically uses to set prices. The issue has become severe enough that seven major insurers in June formed a company, CyberAcuView, to combine their data collection and analysis resources.
One example of just how wild the rate increases are getting: one North Carolina school board recently approved $22,318 for one year of cyber liability insurance – up from last year’s cost of $6,653 – a 235% jump. Ouch.
Is the industry itself to blame? Some think that paying the attackers rewards the crimes and encourages future attacks. As a result, insurance company AXA has said it will stop paying ransom demands for future policyholders, partly in response to French government pressure to halt the practice. Others might limit coverage. “As companies are deemed risky then maybe there’s a higher deductible, or the insurance company might say, ‘I’m not going to write a $5 million limit on your cyber, I’m just going to limit my exposure to you to $500,000,’” said Sridhar Manyem, director of industry research at AM Best.
Potential solutions include creation of cyber response funds or even taking lessons from other forms of insurance, like “disruptive bargaining” used in kidnap for ransom insurance. Or you could just say, “give me back my data!” 😉
So, what do you think? Does it surprise you that cyber insurance premiums are rising so dramatically? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.