Rampant ransomware, rising rates and regulation have caused a major spike in cyber insurance premiums, new research has said.
A report from international broker Howden claims cybersecurity insurance rates increased by an average of 32% year-on-year in June this year – which is on the back of a 50% rise since Howden began tracking.
As the company says, the three R’s (ransomware, rates, regulation) are dictating the prices. Globally, the number of ransomware attacks rose by 140% in the fourth quarter of 2020, compared to the first quarter of 2019 – but have also got more expensive, with US companies paying a ransom in Q1 2021 having to shell out 400% more compared to 2019. The post-mortem also became more expensive – as while it cost an average of $700,000 to remedy ransomware in 2020, it now costs $1.85 million – rising to over $2m for US firms.
As a result, Howden says insurers are asking businesses to amp up their cyber-resilience, adding that many are only willing to deploy capacity if they believe the customer’s risk management is spotless. At the same time, they’re innovating at pace and developing new solutions to tackle the changing needs of clients – whilst also paying claims quickly and consistently.
Until recently, cyber insurance has been lucrative, the report further claims, adding that the market has been growing “substantially” in these last five years. Gross written premium more than doubled in that timeframe, growing at a CAGR of 22%. Howden expects a similar expansion rate for the next five years, believing gross written premium to reach $20bn by 2025.
Preparing for a cyberattack
Even though cybersecurity incidents and cybersecurity insurance costs “may at times seem uncontrollable”, companies can still do a lot by tightening up on their cybersecurity, the report concludes. Preparedness is a key component, it said, claiming that businesses should build and test a robust plan to be carried out in an event of an attack.
And should that plan be put to the test in real life, businesses need to move quickly and run through the protocols as fast as possible. Companies that have a tested incident response team pay, on average, almost 40% less, Howden concluded.