The cyber insurance market has grown unevenly in recent years. The number of organizations looking to find insurance and protect themselves against cyber risks has exploded. In contrast, lacking decades of experience data, insurers are unsure of how to quantify cyber threats and are hesitant to expose themselves to an insurable event with an increased likelihood of occurrence and high costs.
Let’s look at five reasons why insurance brokers and agents may struggle to secure capacity in this lopsided market.
Ransomware attacks have exploded in popularity as malicious actors have a renewed incentive to infiltrate an organization’s network. According to TechTarget, ransomware doubled in frequency in 2021 and now comprises 10% of all breaches. Likewise, 37% of global organizations said they were the victim of some form of ransomware attack in 2021.
Any increase in the likelihood or severity of an attack gives insurers pause. Many are hesitant to accept the risk or its associated costs, causing overall capacity to dwindle and making it harder for brokers and agents to keep up with demand.
2. The Current Geopolitical Climate
Not only is the overall boom in ransomware decreasing capacity, but specific current events are also having a profound impact on the insurance industry.
The ongoing situation in Ukraine, for example, has put both cybersecurity analysts and insurance professionals on edge. Russia is particularly known for sponsoring and carrying out malicious cyber espionage and attacks worldwide. As the conflict carries on, the world expects Russia to use its malicious cyber capabilities against other nation-states or critical infrastructure.
[FREE CHECKLIST DOWNLOAD] How to Secure Cyber Insurance Capacity
The heightened risk for cyberattacks puts organizations on high alert, causing them to boost their cyber spending and potentially seek out a cyber insurance policy. Insurers, on the other hand, are limiting coverage to minimize their own risk which, in turn, decreases overall capacity.
3. The COVID-19 Pandemic
Who thought COVID-19 could increase an organization’s likelihood of a cyberattack? Well, it did — indirectly.
Both employees and their employers quickly embraced the explosion of remote work necessitated by the COVID-19 pandemic. Remote work has shown little signs of going away and will likely become the new normal for many white-collar jobs.
While it has many advantages, a distributed workforce could result in a shifting threat landscape for organizations protecting their data. Employees are more frequently using personal devices for work, and employers have less visibility into home networks for employees.
As employees stay home, more organizations migrate to the cloud and use more third-party providers, taking cyber risks outside of the organization, giving companies and their cybersecurity departments less visibility into all threats posed to their data. Again, as risk grows, coverage decreases.
4. Inflation & Demand for Cyber Talent
The unemployment rate in the United States has slipped below 4%, creating an imbalance between employers and employees. Salaries are rising, especially in in-demand career fields like cybersecurity. As a result, the cost to operate a highly functioning cyber security department has increased significantly. As is covered in most cyber insurance policies, the cost of responding to an incident has continually increased.
Organizations have further trouble protecting themselves if cybersecurity resources are continually more expensive and difficult to hire. Insurers and their contractors must provide resources (financial or human capital) to respond to covered incidents, making the cost of an insurable event more expensive.
5. Risk Complexity
Compared to other legacy insurance markets like homes and vehicles, cyber insurance is a new market for insurers and reinsurers to quantify and understand compared to other legacy insurance markets like homes and cars. While actuaries are continually developing models to model the frequency and impact of cyber risk, the data is both limited and evolving. With the dollar figure of cyber risk challenging to quantify, insurers are hesitant to take on additional policies, limiting capacity in the market.
All the reasons outlined above are only a few factors that result in brokers and agents struggling to secure capacity for their clients. The cyber landscape has gotten riskier and more complex, causing insurers to hesitate to take on more undefined risks. While capacity has been harder to come by, a platform like Relay can help match agents and brokers with available cyber insurance capacity.