Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Cyberinsurance: Steep Price Increases and Decreased Coverage

October 14, 2021

Insurance Business reported on October 11 that, even with cybersecurity mitigation strategies in place, businesses are finding it impossible to secure 2021 cyber coverage at 2020 rates, according to a new report from Risk Placement Services (RPS).

According to the new U.S. Cyber Insurance Market Outlook report from RPS, the insurance sector has lowered cyber coverage despite increased demand – primarily due to issues related to the pandemic and the increasing severity and frequency of ransomware attacks.

Some carriers are raising premiums by as much as 300% at renewal and decreasing coverage limits on sectors that have been hardest hit by cybercrime and cyber extortion over the past year, RPS said. Those sectors include education, public entity/government, healthcare, construction and manufacturing.

Insurers that commonly issued $5 million cyber liabilities policies in 2020 have scaled back to limits of $1 million to $3 million this year, even on renewals, according to RPS. Consequently, organizations have turned to additional carriers to reach their desired cyber liability coverage limits.

“This year’s changes in capacity, underwriting standards and even increases in premium were a necessary evolution,” said Steve Robinson, RPS national cyber practice leader. “Cyber insurance underwriting has become more reflective of today’s risks.”

Ransomware remains rampant in large party because of remote working, which opened up technological vulnerabilities that hackers took advantage of, RPS said. Claims frequency and severity skyrocketed at an unprecedented rate, and losses often far exceeded actuarial limits. Consequently, insurance companies began to develop models accounting for the unanticipated impact of ransomware on their bottom lines.

One increasing ransomware risk is so-called “double extortion” in which cybercriminals demand payment for a decryption key, as well as a separate payment to prevent the release of customer data and non-public information.

Underwriting questions have been extensive. Even on renewals, insurance companies are updating their questions about a company’s information security practices through supplemental application forms for ransomware and business interruption.

Multi-factor authentication (MFA) has become a must to qualify for cyberinsurance.

Insurers are also incorporating the scanning technology used by hackers into their own underwriting processes and applying sub-limits or exclusions on cyber extortion and business interruption resulting from ransomware events to better control their loss ratios.

Basically, it’s a mess out there. Skyrocketing premiums and less coverage are sending shockwaves through all businesses, including law firms. And there is no end in sight.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology