What to Expect from Cyber Insurance in 2023
The cyber insurance industry has been facing challenges in recent years due to rising rates, mass cyber-attacks, and stricter policy terms. However, trends at the end of 2022 suggest that there may be positive developments on the horizon for both policyholders and insurance providers.
This article will explore the current state of cyber insurance, the stabilization of rates, advanced underwriting techniques for 2023, government involvement in the industry, and how to choose the best policy for your needs in the upcoming year.
Current State of Cyber Insurance
According to a report from Fortune Business Insights, the global cyber insurance market is expected to grow from 12.83 billion in 2022, to 63.62 billion by 2029. More and more businesses are opting for cyber insurance every year as they become more reliant on data to operate, and as cyber attackers become more sophisticated in their attacks.
A 2022 report from the National Association of Insurance Commissioners (NAIC) claimed that data breaches were up 68% in 2021 when compared to the previous year. And that’s not just in certain industries. Companies from all sectors are experiencing an increase in ransomware and supply chain attacks.
These increased attacks led to a 79% increase in premiums in the first half of 2022. Insurers are now thoroughly examining a company’s cybersecurity with far more detail and taking extra precautions to reduce losses.
Some of these precautions include:
- Tightened Policy Terms: Cyber coverage used to often be included with commercial property and casualty policies, now many insurers have opted to offer cyber coverage separately.
- Lower Coverage Limits: Insurers are reexamining their coverage limits
- Documentation may be required: Some companies require documentation to evaluate a client’s cyber program before giving coverage
To read more about recent changes in cyber insurance check out our blog here.
Rates in the cyber insurance industry have soared in the past few years. While we can’t guarantee when and how rates will change, there are optimistic trends happening at the start of 2023.
Rate hikes are currently decreasing across the cyber insurance market because of a few factors.
The first is better cybersecurity practices from companies following an increase in cyberattacks. Some of these practices, and ones that are wise to follow for any business owner, include:
- Password management tools that ensure employees are using strong passwords
- Two-Factor Authentication
- Updated software and firewalls
- Training employees on security threats
- Data encryption
The other reason for rates beginning to stabilize is the increase of insurance companies joining the cyber insurance market. This is creating a more competitive environment and lowering the rate of premiums as there’s a larger supply of insurance options.
With increased cybersecurity and competition, you can expect businesses in 2023 to have insurance rates relative to the cybersecurity measures they have in place.
In previous years, we’ve seen cyber insurance companies underwrite with a traditional “outside-in” approach. Meaning they primarily focus on the external threats of cyberattacks and then view the security measures the company has in place.
This approach is changing fast. It’s quickly becoming the standard for insurance companies to evaluate potential cyber insurance policyholders with “inside-out” underwriting. This is a more comprehensive and effective approach that looks deeply at an organization’s ability to manage and mitigate risks.
An inside-out approach looks at your business like a cyber-attacker would, and primarily focuses on your network security, data protection, employee training, and incident response plans. This provides more objective and transparent data within the underwriting process to give a more accurate evaluation.
Unfortunately, there have been a few high-profile, national cyber attacks in recent years. This has forced policymakers to pay special attention to cybersecurity for businesses across all industries, especially ones that deal with critical infrastructure.
In March 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed into law. Under this law, all companies in critical-infrastructure sectors will need to report incidents within 24-72 hours depending on the incident. It will be vital for businesses to be organized with their cybersecurity so they can report any issues in a timely manner.
The Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all currently working on additional regulations for cybersecurity, and it’s possible some of these will come into effect in 2023 as cyberattacks continue to evolve.
How Should I Choose a Policy for 2023?
The first, and most important thing, when choosing a cyber insurance policy is to determine what your company’s needs are.
Reimbursable expenses that insurance companies typically provide include:
- Investigations into the cause of the breach
- Business losses arising from a breach
- Privacy protection and breach notification
- Lawsuits and extortion
It’s important to figure out what expenses you want to be covered in your insurance plan before moving on. If you’re still unsure what exactly your business may need, talking to an experienced insurance team can help guide you through the process.
After you know what your company needs, it’s time to ask questions about the policy itself. These include:
- Take a look at the plan’s deductibles, just like you would any other insurance
- Understand if the policy is stand-alone or add on
- Ask if the policy covers accidental actions, as a lot of data breaches can be accidentally caused by employees.
- Ask if the policy covers third-party service providers
All these questions are a great start to seeing what type of coverage you need. If you want a more detailed look at choosing cyber insurance, take a look at our blog here.
Have More Questions About Cyber Insurance in 2023?
Apex Risk & Insurance Services was specifically founded to fill the service and consultative gap left by agency consolidations in the insurance marketplace. These consolidations have left customers who are used to a boutique service approach with no personal connection to their team.
Apex brings the high-touch service proposition back to the San Diego business community and beyond. If you have any questions about cyber insurance in the new year, contact us today.