In the first quarter of 2024, the UK cyber insurance market has become increasingly buyer-friendly, characterized by abundant capacity and intense competition among insurers, according to Marsh’s report “Q1 2024 UK Cyber Insurance Report: Trends, Tips, and Strategies for Navigating the Digital Risk Landscape.” This competitive environment has driven significant rate decreases. “In the first quarter of 2024, cyber insurance rates for Marsh’s UK clients with annual revenues of over £200 million dropped, on average, 12%, compared to the same quarter in 2023″. This marks the second consecutive quarter of double-digit rate reductions, with 74% of clients experiencing premium decreases.
Despite the favorable market conditions for buyers, cyber threats remain significant. According to a UK Government survey published in April 2024, half of all businesses and 84% of large businesses reported a cybersecurity breach or attack in the preceding 12 months. These persistent threats underscore the importance of robust cyber risk management practices.
The report highlights the paradox of easing insurance rates amidst ongoing cyber risks, emphasizing that insureds have faced substantial ransomware and privacy losses. In March, major UK retailers and fast-food chains experienced IT outages, highlighting the critical dependence on technology in modern business operations. While no malicious intent was confirmed, the disruptions were a stark reminder of the vulnerabilities inherent in digital reliance.
Artificial Intelligence
A significant trend in 2024 is the dual role of artificial intelligence (AI) in cybersecurity. On one hand, cybercriminals are leveraging AI to automate and enhance their attacks. Conversely, cybersecurity firms are deploying AI to counteract these threats more effectively. The report notes, “AI is also being rapidly adopted by cybersecurity software providers to help defeat attacks,” specifically in improving the detection and filtration of phishing scams.
Another crucial aspect of the current cyber insurance landscape is the focus on underwriting practices. Insurers are scrutinizing vendor and third-party management and data collection practices more closely. This scrutiny has led to more comprehensive coverage options for organizations as underwriters gain comfort with the detailed information provided by insureds. Additionally, the inclusion of specific war and territorial exclusions in policies aligns with Lloyd’s requirements, reflecting the industry’s proactive stance on systemic cyber risks.
Cyber claims have shown a slight increase in the first quarter of 2024, with Marsh UK clients reporting 144 claims, nearly identical to the 143 recorded in the same period in 2023. The report highlights the ongoing challenge of zero-day vulnerabilities, which are security software flaws unknown to developers and can affect multiple organizations across different sectors. These vulnerabilities, along with sophisticated ransomware and business email compromise incidents, continue to pose significant financial burdens on businesses.
Ostrich Approach
The report emphasizes that an ostrich approach to cyber risk is no longer viable. Organizations must recognize the inevitability of cyberattacks and prepare accordingly. “The mindset of insurers and others has shifted from if there is a cyberattack to when there is a cyberattack”. This shift necessitates a focus on incident response capabilities, including the ability to switch production facilities or manage stock during a cyber event.
To enhance cyber resilience, the report recommends regular cybersecurity training for employees, robust incident response plans, and frequent testing of these plans. The role of employees as the first line of defense is critical, particularly with the rise of sophisticated phishing and deepfake scams.
The Q1 2024 UK Cyber Insurance Report underscores the evolving nature of cyber threats and the dynamic response required by insurers and businesses. While the market presents favorable conditions for buyers, the persistent and evolving nature of cyber risks demands vigilant and proactive risk management strategies.
Source: Q1 2024 UK cyber insurance report. (Get Full Report Here)
Other News: UK Gov Offers Cyber Insurance — “Appalling” or “Good Step?”(Opens in a new browser tab).