A lot has changed in the world of cyber insurance over the past few years.
As more companies view cybersecurity as a business risk, they are turning to cyber insurance policies to cover the potential liabilities associated with cybersecurity and data privacy events, the cost of remediation, and business recovery.
Dara Gibson
This greater demand combined with the unprecedented rate of successful cyberattacks is causing cyber insurance premiums to skyrocket.
Additionally, the constantly changing threat landscape is prompting cyber insurers to routinely evolve the insurability controls and requirements needed to get and/or renew cyber insurance. Some insurers are even excluding certain types of cyberattacks in their insurance policies. For example, Lloyd’s of London’s no longer covers losses caused by nation-state attacks.
With so much change in such a brief period, it’s hard to know what to expect in 2024. Here are some thoughts on what’s to come to help you stay at the forefront of this dynamic industry.
Ransomware, Business Email Compromise, and Pixel Privacy Claims
Three things will be at the forefront of cyber insurance claims:
- Ransomware: Financially motivated cybercriminals will impose significant costs globally. Adversarial governments are developing artificial intelligence (AI) technologies to create new attack opportunities for state and nonstate threat actors to carry out disruptive attacks. Ransomware and double extortion will be the leading cause of loss, and trigger cyber insurance claims.
- Business email compromise (BEC): Data shows that BEC scams increased in the first quarter. And according to Verizon, more than 50% of incidents were initiated by social engineering patterns indicative of BEC attacks. Cybercriminals will continue to use generative AI to enhance the potential vectors to target victims.
- Pixel privacy claims: Personal identifiable information (PII) can be leaked to an unauthorized third party through misconfigured privacy settings, hence the theft of private user data. Class action lawsuits, regulatory fines and fees can result as a privacy event is found.
Sales Will Increase, Premiums to Rise
Third-party vendors are impacting purchasing requests. To maintain business partnerships, vendors will require cyber insurance to do business.
In addition, cyber insurance renewal premium rates will increase. Expect an uptick in the double-digit range.
Federal Program for Cyber Catastrophic Events
On September 29, the Federal Insurance Office issued a request for information for public comments on a potential response to catastrophic cyber events. The Federal Insurance Office will make a judgment by December 31 on the program’s effectiveness, and whether the federal program should expand for cyber catastrophic events.
CISA will also relaunch the CIDAWG (Cybersecurity Insurance and Data Analysis Working Group) program to establish new concepts around cyber resilience as well. These decisions will affect the cyber insurance industry.
Opportunities for MSPs
As the cyber insurance market expands, MSPs have an opportunity to serve as trusted advisors in this domain.
With a unique combination of expertise in both cyber insurance and cybersecurity, MSPs can bridge the communication gap between cyber insurance policies and cybersecurity “speak,” and create comprehensible cyber strategies that will enable companies to buy and renew cyber insurance.
Enhancing the cybersecurity maturity of a company in this way will benefit its cyber insurance strategies while boosting the overall cybersecurity and resilience postures.
Cyber insurance unlocks new opportunities for MSPs – and knowing what’s to come in 2024 will help you tap into a growing industry to add yet another area of expertise to your services portfolio.
Dara Gibson is a senior cyber insurance manager at Optiv.
Image: iStock
