Why Now Is the Time to Buy Cyber Insurance.
The rising incidence of cyberattacks, evolving regulatory requirements, and the substantial financial risks associated with data breaches make this the optimal time for your insured to purchase cyber insurance. In this week’s market report, Limit has broken down the major trends below.
Rising Incidence of Cyberattacks
Cyberattacks have surged in recent years, affecting businesses across various sectors. According to a report by Cybersecurity Ventures, the cost of cybercrime is expected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. This staggering increase highlights the growing threat landscape that companies face. In 2023 alone, several high-profile cyber incidents underscored the vulnerabilities present in both large corporations and small businesses.
Anticipated Increase in Premiums
Despite the current affordability, several trends suggest that cyber insurance premiums will rise in the near future. The increasing frequency and severity of cyberattacks, including high-profile incidents like the 2024 Change Healthcare and Ticketmaster attacks, are driving up claims costs for insurers. According to a report by Fitch Ratings, the cost of ransomware attacks alone increased by 170% in 2021, and this trend is expected to continue. As claims rise, insurers are likely to adjust their pricing to reflect the growing risk.
Rising Claims and Loss Ratios: The frequency and severity of cyberattacks continue to escalate. The same 2024 report from Fitch Ratings highlighted that loss ratios in the cyber insurance sector have risen, with some insurers reporting ratios as high as 70%. The increased frequency of ransomware attacks, phishing incidents, and data breaches is leading to higher claims costs. For instance, the cost of ransomware claims alone increased by 19% in the first half of 2024 compared to the same period in 2023.
Regulatory Impacts: The regulatory landscape for cybersecurity is tightening in 2024. In the United States, the Federal Trade Commission (FTC) has implemented stricter data protection requirements, influencing how insurers price cyber policies. Compliance costs associated with these regulations are being factored into premium calculations. Similarly, the European Union's proposed updates to the GDPR are expected to increase regulatory compliance costs, further contributing to the upward trend in premiums.
Underpricing Correction: In 2024, there is a consensus among insurers that cyber risk has been historically underpriced. A survey by Marsh in 2024 revealed that 62% of insurers are planning to increase cyber premiums by at least 10% over the next year to adjust for previously underestimated risks.
Financial Risks and Costs
The financial repercussions of a cyberattack can be devastating. A study by IBM Security revealed that the average cost of a data breach reached $4.88 million in 2024, a record high. These costs encompass various factors, including incident response, legal fees, regulatory fines, and reputational damage. For small and medium-sized enterprises (SMEs), the financial impact can be particularly crippling, as they often lack the resources to recover from a major cyber incident. Cyber insurance provides a crucial financial safety net, covering expenses such as forensic investigations, business interruption costs, data recovery, and legal liabilities. This coverage can be vital for businesses seeking to mitigate the financial impact of a cyberattack and ensure continuity of operations.
Evolving Regulatory Landscape
Regulatory requirements related to data protection and cybersecurity are becoming increasingly stringent. Laws such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States impose significant penalties for data breaches and non-compliance. Additionally, recent regulations like the New York Department of Financial Services (NYDFS) Cybersecurity Regulation mandate strict cybersecurity measures and timely breach notifications. Failure to comply with these regulations can result in severe financial penalties and legal consequences. Cyber insurance policies most often include coverage for regulatory fines and legal expenses, providing businesses with essential support in navigating the complex regulatory landscape and maintaining compliance.
Increased Awareness and Investment in Cybersecurity
Organizations are increasingly aware of the importance of robust cybersecurity measures and are investing heavily in their digital defenses. Gartner predicts that worldwide spending on information security and risk management will reach $267.3 billion in 2026, indicating a strong commitment to enhancing cybersecurity infrastructure. However, even with substantial investments, no system is entirely immune to cyber threats. Ransomware attacks are one example of a threat that remains highly pervasive, particularly as new IT environments, including remote work setups, involve numerous potential entry points for attackers. According to the 2023 Verizon Data Breach Investigations Report, ransomware incidents accounted for over 40% of all cyberattacks, reflecting a sharp increase from previous years. These attacks often involve encrypting critical data and demanding a ransom for its release, causing significant operational disruptions. In May 2024, the global law firm Kirkland & Ellis was targeted by a sophisticated ransomware attack, resulting in the temporary shutdown of their IT systems and potential exposure of sensitive client information. The breach, impacting one of the world’s leading law firms, underscored the growing risks even to organizations with stringent cybersecurity measures. Additionally, Limit routinely sees claims for social engineering attacks where users are tricked into disclosing confidential or sensitive information to socially adroit hackers. Both of these types of attack are generally covered under a general cyber insurance policy.
Conclusion
In today's digital age, cyber insurance is no longer a luxury but a necessity. The escalating frequency and sophistication of cyber threats, coupled with the substantial financial and regulatory risks, make now the right time for businesses to invest in cyber insurance. By providing financial protection, regulatory compliance support, and coverage for a wide range of cyber incidents, cyber insurance empowers businesses to navigate the complex cyber threat landscape with confidence. As cyber threats continue to evolve, the peace of mind and financial security offered by cyber insurance will prove invaluable for businesses seeking to protect their operations and reputations in an increasingly interconnected world.
Limit AI is here to revolutionize your workflow.
Limit has built the State of the Art AI for insurance. Limit AI will summarize and compare your quotes, run your surplus lines taxes and fee calculations, identify coverage deficiencies, and do what you need to get your job done. Limit AI is extremely well-versed in all lines of P&C and highly skilled at analyzing your policies & quotes.
Our AI Assistant is built on Limit’s years of expertise as a commercial insurance wholesaler with hands on experience in all lines of P&C. Limit AI answers questions, drafts emails, and compares quotes & policies with substantially more rigor and attention to nuance than any other competitive AI product today.
Ready to get started? Join the waitlist by visiting limit.com/ai or email us at contact@limit.com.