The cyber security insurance market experienced even greater pressure in 2022, and Vanbreda Risk & Benefits does not expect to see any change any time soon in 2023. Cyber security expert Tom Van Britsom: “The downward pressure on all types of insurance premiums over the past decade combined with cyber security incidents over the past few years have made the situation for cyber security insurers untenable. Premiums took off again in 2022: we recorded increases of up to 300%.”
The impact of cyber security incidents is significant, particularly as a result of the many data breaches involving sensitive personal data and ransomware attacks resulting in ransom demands and business interruption. Cyber security expert Christophe Liekens: “This led to some insurers no longer being keen on covering cyber security risks in 2022 and insurers had to collaborate more frequently in order to continue to provide companies with the same level of cover.”
To maintain a healthy cyber security insurance market going forward, the underwriting criteria for companies were tightened last year, which made it more difficult to arrange new cyber security insurance. Christophe Liekens: “Many companies also faced issues such as higher premiums, higher excess amounts, fewer guarantees and lower insured capitals last year. Some companies even had to be willing to pay for a specific share of the damage themselves, on top of the excess, in the event of a ransomware attack.”
Cyber security insurers also expected companies to make greater efforts in terms of prevention, including the tightening of internal procedures, regular updates and better security for IT systems, as well as providing training for employees. Similar to last year, our study shows that human intervention was at the root of most cyber security incidents.
Tom Van Britsom: “We have noticed that errors are still common at all levels within a company, e.g. someone clicking on a rogue link in an e-mail. Or worse: sometimes a personal login will be used to provide direct access to the company’s systems. Even one such individual action can lead to an interruption in business activities resulting in rapidly rising costs. Fortunately, we are also seeing positive results among companies that train employees on how to recognize phishing e-mails.”
In addition to a strong focus on in-house processes, quality partnerships with external service providers are also important. Christophe Liekens: “Many companies currently focus on their own cyber security, incidentally a requirement of all cyber security insurers, but insurers are also increasingly scrutinising, for example, the IT partners a company is collaborating with. Thoroughly screening a partner beforehand is paramount. Your own security may be top-notch, but it is put at risk if your data manager’s is not.”
The proportion of companies with cyber security insurance in Vanbreda Risk & Benefits’ portfolio has been on the rise for several years. The total premium volume in cyber security insurance increased to 13.2 million euro in 2022, up 30% from 2021. The insurance covers reimbursement of damages incurred, and provides access to a network of professionals who will help the company mitigate damages and become fully operational again soon after an incident. A professional IT provider’s responsibilities include detecting and resolving the IT incident. Legal assistance is also included, as is support from a PR agency in terms of (crisis) press communications.
Tom Van Britsom: “This total package of services provided by experienced experts offers tremendous and tangible added value to a company facing a cyber security incident, which explains the rising interest in cyber security insurance. We also noted in 2022 that with many organizations this insurance is now part of their standard insurance package.”
Download our infographic with the 2022 figures here.
