According to research by a US government watchdog, the rising cybersecurity events has led to an increase in cyber insurance premiums. The increase has also limited coverage in risky industries like health care and education.
(My Lawrd has covered various data breach incidents in the past. You can read about them, here.)
The report is prepared by the US’ Government Accountability Office (GAO), which provides the Congress, heads of executive agencies, and the public with timely, fact-based, non-partisan information. Their research helps improve governance and save taxpayer’s billions of dollars.
Cyber Insurance Market
Cyber insurance can assist in settling the expense of responding to and recovering from cyber-attacks. With the increasing frequency and severity of cyberattacks, more insurance customers are opting for cyber coverage, up from 26% in 2016 to 47% in 2020.
Clients and insurers both have difficulties in the market sector because of the:
1. Because insurers don’t have sufficient historical data on cyber-attack-related expenses, developing cyber insurance policies can be difficult.
2. Clients may have difficulty determining what is covered because essential phrases like “cyberterrorism” do not have conventional definitions.
Findings of the Report
- Increasing Take-up: According to data from a major insurance broker, the take-up rate (percentage of existing clients electing coverage) for cyber insurance has increased from 26% in 2016 to 47% in 2020.
- Increasing Costs: Higher pricing has coupled with greater demand and higher insurance costs as a result of more frequent and severe cyberattacks. According to a recent study of insurance brokers, more than half of respondents expect their clients’ costs to rise by 10–30% by late 2020.
- Lower Coverage Limits: According to industry representatives, insurers have reduced coverage limits for various industrial sectors, such as healthcare and education, due to an increase in cyberattacks.
- Cyber-specific policies: Insurers are increasingly offering specific policies, rather than putting cyber risk in bundles with conventional coverage. This trend reflects a need for greater transparency in terms of what is covered as well as higher cyber-specific coverage limitation.
- Lack of historical data on losses: Costs from cyberattacks and price policies correspondingly without extensive, high-quality data on cyber damages. Some industry participants suggest that the federal, state and private sectors should collaborate to gather and exchange incident data in order to assess risk and develop cyber insurance products.
- Lack of common definition: Different definitions for policy terms, like “cyberterrorism,” results in a lack of clarity on what is covered. The federal and state governments, as well as the insurance business, should collaborate to develop uniform definitions.
Significance of the Report
Malicious cyber activity puts the federal government, the nation’s businesses, and essential infrastructure in danger costing billions of dollars every year. The report stated the ability of threat actors to carry out assaults is expanding, emphasising the necessity for a strong cyber insurance market.
The GAO analysis also raises the possibility that smaller businesses that cannot afford coverage will be left behind. “Small organisations may acquire cyber insurance less frequently if they believe their risks are minor or policies are prohibitively expensive,” according to the GAO.