Cyber Insurance Premiums and Demand Surge After Boom of Costly Cyberattacks

Pillsbury - Policyholder Pulse blog

The frequency and severity of cyber incidents, particularly ransomware attacks targeting businesses and critical infrastructure organizations, have been on the increase and are unlikely to subside anytime soon. Higher claim counts and loss severity have led to significant and continuing increases in cyber insurance losses. Insurers have made up for this increased risk profile by passing the costs onto consumers in two ways—by both increasing premiums and attempting to narrow coverage.

Cyber insurance has become the fastest growing product for U.S. insurers. Fitch Ratings recently reported that cyber insurance direct written premiums grew by 74% in 2021 to over $4.8 billion, and premiums for standalone cyber coverage increased by 92% to over $3.1 billion for the year, according to statutory financial data submitted to the National Association of Insurance Commissioners. This data also indicates that reported claims rose by 100% annually in the past three years and payments furnished from closed claims grew by 200% over the same period. Although claim frequency has grown significantly, price increases have reduced insurers’ direct loss ratio for standalone cyber insurance from 72% in 2020 to 65% in 2021.

Market interest in cyber insurance exploded in sectors that had previously seen relatively low uptake, such as the oil & gas industry, after the May 2021 ransomware attack on Colonial Pipeline Company, the largest fuel pipeline in the United States. DarkSide, the hackers responsible for the attack, threatened to leak data unless their $4.4 million demand was paid. Colonial Pipeline paid the $4.4 million ransom to get its data back; approximately $2.3 million was later recovered by the U.S. Department of Justice. The attack resulted in a shutdown of the pipeline, causing a domino effect that severely impacted the U.S. oil supply chain. The Colonial Pipeline incident was one of a surge of costly ransomware attacks that spurred government action. Just days later, President Biden issued Executive Order 14028 to improve overall cyber resilience, incident response, and business continuity for potential cyberattacks on U.S. critical infrastructure.

At this point, there is no denying the exposure. As Kinder Morgan, Inc., for example, stated in its 2021 Form 10-K: “There is no assurance that adequate cyber sabotage and terrorism insurance will be available at rates we believe are reasonable in the near future. These developments may subject our operations to increased risks, as well as increased costs, and, depending on their ultimate magnitude, could have a material adverse effect on our business, results of operations and financial condition or could harm our business reputation.”

Cyber insurance can be one option to address these risks, along with planning for cyber incidents and other risk shifting measures, such as requiring indemnification from third-party vendors. However, not all cyber insurance policies are created equal. Purchasing the right coverage requires a thorough understanding of your company’s risk profile and what coverage is available in the marketplace. Policyholders with a digital footprint should take a closer look and assess their exposure to cyber risks, closely watching the insurers’ attempts to narrow coverage—updates we will detail in a future post. Finding an appropriate policy is key to shielding companies from devastating impacts to their business after a cyberattack. Policyholders should work with experienced counsel to evaluate coverage and to assess what security measures can be taken to reduce cyber exposure.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury - Policyholder Pulse blog | Attorney Advertising
