In our previous publication, Cyber Insurance Market Dynamics, we discussed cyber insurance market dynamics and the measures both insurers and enterprises are taking to improve capabilities, reduce risk, and curb overall claims losses. In this final article in the three-part series, we will explore what the future holds for cyber insurance for enterprises and insurers.
The COVID-19 pandemic has exacerbated the cybersecurity challenges for both enterprises and insurers. While it has exposed the limited cyber readiness within enterprises, it has also increased margin pressure on cyber insurers that are facing rising loss ratios. To address these challenges, manage cyber risk, and offset increases in premiums, enterprises are investing in new technologies like endpoint protection, network security, and application security, among others.
While these measures have worked for firms in the past, the evolving cyber threat landscape has unveiled the need for more robust plans. Insurers, on the other hand, are partnering with cyber risk analytics firms to actively work to improve underwriting prowess. They are also realizing the need of a sustainable policy that won’t pose an imminent threat to the industry profitability in the future.
Work from home security
The pandemic has made enterprises aware that it is possible to successfully run the business in a remote working environment. These businesses have implemented strong IT frameworks to enable employees to work remotely with few challenges or impacts on productivity. Enterprises have invested in network security and Identity and Access management tools that enable employees to work securely on any given network. With increasing cloud adoption, cloud-based security services will become a hot topic for enterprises to curb growing cyber-attacks.
Maintaining strict access control is likely to be the guiding principle for cyber policies in enterprises. Organizations will implement stringent hardware authentication measures to prohibit unauthorized access to systems. Automated and adaptive network scanning is also expected to be a key theme in the cybersecurity landscape. Enterprises will monitor and scan the connected networks to report any anomalies in real-time, thus enabling teams to proactively fix them. Learning and adapting to the new risk landscape will be an important aspect of enterprise cybersecurity teams. Using Artificial Intelligence/Machine Learning (AI/ML), enterprises will be able to identify patterns and help prevent repeated attacks by developing exhaustive threat intelligence. The use of AI is not only limited to scanning and pattern identification, but it is also expected to prove beneficial to combat social engineering, malware, and ransomware attacks.
We have mentioned in parts one and two of our previous publications (“Cyber Insurance Market Dynamics” and “Cybersecurity Risk Management in a Post-Pandemic Era”) that cyber threats evolve along with evolving technologies. The same is true in the case of quantum computing. While it is expected to bring its own set of advantages in the fields of analytics, cryptography, aviation, medical research, etc., it is also expected to impair our existing encryption methods.
Continued cyber insurance growth forecast
The global cyber insurance market has experienced strong growth in the past, and this trend is likely to continue in the near future. The continuous shift to advanced technologies like AI/ML, cloud and APIs, has compelled enterprises to include cyber insurance in cybersecurity plans. While it is not a panacea solution to the enterprise cyber risk problem, the insurance coverage does provide the necessary systemic risk sharing from potential attacks. Going forward, cyber insurance will transform from a “nice to have” product to a “must have” product for enterprises. Firms will actively look for coverages that include cybersecurity, cyber liability, and technology errors and omissions, among others. The bundling of value-added services in addition to cyber coverage has increased the attractiveness of cyber insurance for enterprises. In addition to the necessary risk insurance, enterprises now have access to risk prevention and mitigation products and services from insurers.
In the remote/work-from-home world, the lines between commercial and personal cyber risk have become blurred. The need to have employees work from home is not likely to change in the short to mid-term, so insurers will offer enterprises personal cyber risk covers to shield consumers from any cyber-related risks. Recently, Chubb insurance introduced BLINK, an affordable insurance product with an embedded cyber protection cover that addresses the gap between those customers who are concerned about personal cybersecurity (80%-plus) and those who have cyber protection (16%).
As the market expands, insurer limits to risk-taking capacity may dampen the overall growth. While insurers are preparing for the impending cyber capital crisis that may emerge in the event of large-scale cyber-attacks, they are also thinking of innovative ways to address this challenge. Insurers are looking at capping lines of coverage and increasing rates while also diversifying current cyber risk portfolios of large enterprises. Increasingly, insurers will seek to offer coverages to medium-sized businesses as those organizations are becoming increasingly reliant on technology and are aggressively facing cyber-attacks. According to Verizon’s Data Breach Investigation Report, small and medium-sized businesses are at a high risk of data breaches and cyber-attacks. With a considerable proportion of medium-sized businesses seeking to purchase cyber insurance, insurers and brokers will look to tap into this target market.
In-house expertise for insurers to grow
Historically, insurers have largely relied on third-party cyber risk analytics firms for underwriting cyber risk. However, that is expected to change. Insurers are building in-house capabilities and hiring IT experts to strengthen cyber underwriting practices. Going forward, we also expect insurers to build a cyber insurance ecosystem to successfully underwrite cyber risk and consequently generate long-term profitable growth. With this, insurers can bring significant value to the enterprises while also enhancing underwriting capabilities by leveraging real-time threat intelligence. This will provide insurers with new data sources and insights to drive better risk evaluation and, in turn, build a more resilient cybersecurity landscape. Industry regulators will also play a key role in risk underwriting with the introduction of regional cyber insurance risk frameworks as best practices for managing cyber risk.
In the future, the evolving cybersecurity and cyber insurance landscape will demand proactive measures from both enterprises and insurers alike. As enterprises adopt new and emerging technologies, they will need to strengthen their cybersecurity position with new-age solutions like cloud application security and AI/ML-based automated security. Insurers will leverage new data sets for cyber risk underwriting and create a cyber insurance ecosystem that will provide them with the capability to act as coverage providers and also position them as strong risk advisors.
For more insights on cybersecurity, please see the first blog in this series, Cybersecurity Risk Management in a Post-Pandemic Era, or the second blog in the series Cyber Insurance Market Dynamics.
If you’d like to share your observations or questions on the evolving cybersecurity and cyber insurance landscape, please reach out to Barbara Beller ([email protected]), Supratim Nandi ([email protected]), or Mehul Khera ([email protected]).