Cyber insurance claims and risks are surging as premiums dip, putting the industry in a precarious position. Despite strides in cybersecurity protocols, insurers are struggling to keep up with an onslaught of complex and frequent cyber incidents. From large-scale data breaches to double extortion ransomware, the threats can seem countless. Industry experts warn that if these trends persist, the financial stability of the sector could be at risk. That’s the big takeaway from Gallagher Re’s 2024 Cyber Loss Trends Survey, which sheds light on these challenges and offers a glimpse into the turbulent landscape facing cyber insurers today.
Gallagher Re conducted this survey between May and July 2024, gathering insights from 17 participants across the insurance and reinsurance sectors, each covering a variety of target markets and customer demographics. By analyzing historical claims data from the last three years and the professional judgment of industry insiders, the survey provides a nuanced view of cyber insurance’s current state and potential future. Gallagher Re plans to repeat this survey annually to track evolving trends and their impact on claims frequency and severity.
We took a look at the executive summary, and our thoughts follow; you can read it for yourself here.
Declining Rates Amid Rising Cyber Claims Complexity
Gallagher Re’s findings reveal a paradox in the cyber insurance sector. While rates have dropped consistently over the past year, the landscape remains fraught with high-risk incidents and growing claims complexity. Cyber insurers face mounting pressure to maintain performance as losses, exemplified by major incidents involving Change Healthcare, Synnovis, CDK, and CrowdStrike, accumulate steadily. The survey indicates that while these losses have yet to deplete catastrophe (CAT) loads, their rising frequency suggests that if the trend continues, it could strain insurers’ capacity.
Frequency and Severity Trends: Mixed Insights on Ransomware and Data Breaches
One of the survey’s core findings is the fluctuation in incident frequency and severity. According to Gallagher Re, 59% of respondents noted an increase in claims frequency, while 71% reported heightened severity, especially among larger companies prone to prolonged settlement periods. This growth is partly attributed to more sophisticated and targeted ransomware attacks, with “double extortion” tactics expected to intensify. While traditional ransomware may see a slight decline, attacks involving data breaches, business email compromise (BEC), and fund transfer fraud (FTF) are projected to increase within the next year.
Incident Management and Proactive Vulnerability Notifications
Most insurers now outsource their incident response functions and proactively notify policyholders about critical vulnerabilities and emerging cyber threats. Gallagher Re’s data shows that 24% of participants witnessed a decrease in claims frequency due to proactive vulnerability management and improved cybersecurity measures. This proactive approach reflects the market’s growing emphasis on preventative measures and early detection as tools to curb the rising tide of cyber incidents.
Evolving Cyber Claims Classification and the Challenges of Settlement
The survey identifies a growing concern with a lack of granularity in claims classification. Most insurers use broad labels for incidents, classifying them as malware, data breach, network issues, or provider-related. Few insurers dive into specific details, complicating risk assessment. Multi-incident claims are becoming more common, and Gallagher Re highlights this as a concern.
Settlement times have increased significantly. Larger companies face higher risks of class-action lawsuits. The United States is particularly affected. Longer settlement times may deter businesses from seeking coverage. Claims complexity is also rising. Streamlined processing methods are needed to address these issues.
AI and Data Poisoning: Emerging Threats on the Horizon
Artificial intelligence (AI) looms large as both a tool and a risk in the cyber insurance domain. Gallagher Re’s survey respondents expressed significant concerns over the potential exploitation of AI systems, particularly regarding data poisoning and malicious AI model manipulation. These vulnerabilities could disrupt AI-driven cybersecurity defenses, introducing risks that are challenging to predict and manage.
Respondents noted that while AI may not offer an outright advantage to cyber attackers or defenders, its dual-use nature necessitates robust risk management strategies to mitigate misuse. AI adoption across sectors could lead to increased exposure to these threats, posing a nuanced challenge for cyber insurers aiming to cover AI-related vulnerabilities effectively.
Industry-Specific Risks: Healthcare and Technology Lead in Vulnerability
Certain industries emerge as particularly vulnerable to cyber incidents. The healthcare sector, already a high-risk area in 2023, saw increased susceptibility in 2024, followed closely by information technology, finance, and public administration sectors. Small and medium enterprises (SMEs), although having a smaller digital footprint, face unique challenges due to limited cybersecurity resources, which often lead to proportionately severe impacts in the event of a breach. These factors amplify insurers’ challenge in pricing policies accurately across diverse industry verticals.
Shifts in Coverage Trends and Legal Complexities
An evolving legal landscape adds another layer of complexity. Gallagher Re notes stricter coverage conditions in cases involving wrongful data collection and unauthorized data use. This shift is attributed to heightened awareness around data privacy regulations and the potential for class-action suits, particularly in the United States. However, as market competition intensifies, some insurers may begin relaxing exclusions to retain profitable clients, potentially increasing exposure to these types of claims.
Cyber Claims Future: A Focus on Proactive Measures
Gallagher Re’s survey underscores the necessity of proactive measures in cyber insurance. Insurers are increasingly alerting clients to potential risks, focusing on risk mitigation rather than solely on post-incident responses. This approach aims to curtail losses by encouraging better cybersecurity hygiene and improving defenses against evolving threats. As the cyber threat landscape grows more complex, insurers are urged to adapt by refining policy wordings, enhancing classification practices, and developing more nuanced risk models.
Conclusion
Gallagher Re’s survey paints a stark picture. Cyber insurers face challenges. They must balance rate declines with increased focus on mitigating cyber threats. Cyber incidents are rising in frequency and complexity. Settlement times are getting longer. AI-driven risks are adding to the difficulties. The road ahead for cyber insurers is tough. Resilience is key to navigating these shifts. Proactive engagement will be crucial. Risk management must be refined. The approach must adapt to emerging technological threats. Insurers need to anticipate future cyber challenges. Strategies must enhance agility and response. The threat landscape is constantly changing.