Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
How the Cyberinsurance Industry Has Reacted to Ransomware
April 22, 2021
Insurance Business America reported on April 15 that, in the past five years, the average ransom demand has soared from $15,000 to $175,000 – an almost twelve-fold increase – according to the NetDiligence® 2021 Ransomware Spotlight Report. Ransom demands crossed the $1 million threshold in 2018, the $3 million threshold in 2019, and publicly available data indicates that they crossed the $50 million threshold in 2020 – although the article notes that this amount was probably negotiated down.
As you might imagine, these demands are eating up cyber insurance limits and leaving carriers and insureds out of pocket.
Every insurance company is reacting to the ransomware boom in their own way, but there are some commonalities, according to Ari Giller, Vice President of Cyber & Tech Underwriting at Tokio Marine HCC – Cyber & Professional Lines Group.
The first thing that most insureds have noticed is that cyber insurance pricing has risen over the past few years. According to Giller, the average cyber insurance premium increase for 2020 and 2021 is between 35% and 40%.
“The cyber insurance market has been severely underpriced for many years – at least since I started underwriting cyber nine years ago,” said Giller. “In a soft market, there are numerous competitors who are trying to eat up market share, so the focus is on who has the best price for the best coverage. Now, carriers have realized that there is significant exposure, and they need to increase their rates to commensurate. To many, these price increases seem lofty because, in the past, the product line has been significantly underpriced for the exposure.”
Beyond premium hikes, some carriers have started sub-limiting cyber extortion and ransomware, meaning that policyholders will only be able to claim a fixed amount for all of their breach event costs, forensic costs, legal costs, cyber extortion payments, and so on. Furthermore, some insurers are applying co-insurance provisions, forcing insureds to share more of the risk.
“We’re also seeing stricter underwriting guidelines,” Giller added. “Underwriting cyber is no longer just checking a few boxes – revenues, record count, a brief list of controls, no claims – and then sending out the quote. The underwriting process has become much more intensive, especially with regard to verifying ransomware controls and understanding each insured’s unique exposure. Carriers are also being more cautious in managing their limits. With ransomware demands sometimes reaching eight figures, we’ve seen many carriers dropping their capacity on any given line.
“With rate increases, coverage reductions, and various new limitations, we have seen a hardening in the cyber insurance market, and I believe that’s going to continue through 2021. There’s going to be a lot more limit on supply in the cyber insurance market.”
While Giller does not dispute the need for rate increases and more disciplined underwriting in the cyber insurance market, he describes these changes as “short-term solutions.” The long-term goal of the Tokio Marine HCC – Cyber & Professional Lines Group is to raise awareness of ransomware and other cyber threats, and to help insureds improve their cybersecurity posture.
“We really want to stress and prioritize the partnership between the insured and the carrier,” Giller told Insurance Business. “We don’t want to be seen as just a risk transfer solution; we want to be a partner in our insureds’ risk management practices.”
Tokio Marine HCC – Cyber & Professional Lines Group works with leading cybersecurity and cyber risk management vendors to help their insureds secure their systems and achieve “best practice” status. In October 2020, the group announced an arrangement with CrowdStrike, a leader in cloud-delivered endpoint and workload protection. CrowdStrike’s endpoint protection offering through Tokio Marine HCC – Cyber & Professional Lines Group allows insureds to address the increasing risk of ransomware attacks and other sophisticated threats.
The group also works closely with OneIT, a leading managed services provider, to offer insureds multi-factor authentication through Cisco’s Duo, as well as secure, off-site backup and recovery for their vulnerable data with Datto – both equally critical elements in policyholders’ ransomware-readiness strategies. All of these services are offered to insureds at reduced rates.
“We want to be proactive and provide preventative solutions for our insureds that augment their existing security approach,” said Giller. “We’re happy to jump on a call with our insureds at any time to walk them through any cyber vulnerabilities that we’ve identified and how they can mitigate them. Prevention really is the best cure.”
Interesting developments in the cyberinsurance world to be sure. I am not sure how well some of the above serves solo/small law firms – or how much the services of a major firm like CrowdStrike might cost.
Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson