What’s going on with Cyber Insurance Premiums in 2021?
Have you seen your cyber insurance premiums rise this year without an explanation of why?
Or are you in the market shopping for cyber insurance and surprised by the prices of coverage?
In this post, we’re going to break down what’s going on with cyber insurance premiums in 2021, why we’re seeing a spike in those premiums, and what you can do about it.
Today we’re going to talk about the volatility of the cyber insurance marketplace, how it’s affecting the premiums that businesses pay, and what you can expect from this line of business in the near future.
In 2020, the cyber insurance marketplace began to deteriorate significantly from a claims standpoint compared with prior years, which is leading to price increases in 2021 and likely beyond.
One measure of claims performance in the insurance business is to compare claim costs against the premiums written. It is a pretty simple ratio that isolates the performance of a single insurer’s results, or of all insurers’ results in the aggregate, for a single line of business. There is a certain amount of money coming into the piggy bank in the form of premiums and so much going out in the form of claim payments and loss settlement costs.
Looking at that measure in the aggregate for all U.S. cyber insurers between 2019 and 2020 is a bit startling. In 2019 insurers spent 47 cents on cyber claims for every cyber insurance premium dollar they brought in. In 2020 that percentage jumped to 73%.
Now you may be saying 73% isn’t that bad, that’s a 27% profit! But it’s not that simple. Out of every dollar an insurance company brings in in premium, there are of course other costs that need to be accounted for: sales and marketing expenses, general and administrative costs, the cost of reinsurance, and so forth. And these add up.
But the point I want to make is that the 26-point jump in aggregate loss ratios is causing much of the market volatility we’re seeing in 2021.
What else is contributing to volatility?
Cyber claims continue to grow in severity, frequency, and complexity. Here are just a few statistics affecting small businesses in the U.S. – we define small as firms with fewer than 500 employees:
In the small business marketplace alone there was a 424% increase in data breaches and cyber-related events over last year.
The median ransomware payment is up 52% over last year to $71,000.
The average number of days of disruption caused by a ransomware event is 22 days.
The average paid loss for a cyber claim went from $145,000 in 2019 to $358,000 in 2020. That’s a 2.5 times increase.
The bottom line is that volatility is here and will remain for quite a while, and insurers respond to volatility by increasing rates. Now it’s important to understand that the market does not move in perfect unison, meaning that not all insurers will increase their rates by the same percentage this year. But I think it’s clear that all insurers will raise rates while still trying to be competitive in the market to capture a greater share of the market.
So, what is going on with rates?
This year saw second quarter premiums increase about 25%, which was on top of first quarter premium increases of 18%. Third quarter rate increases haven’t been published yet, but I expect we’ll see the same type of increase.
In addition to higher premiums, we are certainly seeing a much more disciplined approach to underwriting. Insurers are performing external scans of prospective clients’ networks looking for vulnerabilities, more underwriting questions are being asked today than last year, and some insurers are unable to provide the limits or breadth of coverage we saw them offering in 2020.
I think we’ll see cyber premiums grow another 20 to 50 percent over the next 12 months and probably double in the next two years. That’s my estimate based on what we’ve seen over the past 18 months and what we’re seeing in estimated reinsurance renewal pricing and other risk factors.
Does that mean it’s better to wait to purchase coverage until this levels out and starts to come down?
NO, absolutely not. I don’t see premiums dipping anywhere in the near future and in fact, I don’t see premiums leveling out anywhere in the near future. To go bare, hoping for a price reduction, is just plain crazy in my opinion.
So you may be asking…
How are cyber insurance premiums calculated?
Premiums are calculated on a variety of factors – your industry, your annual revenue, your employee headcount, your cyber security defense system, and your overall security posture.
In fact, many insurers run external scans of a prospective client’s network and scan the dark web for compromised credentials before offering up a final premium.
What should you do?
If you’ve been sitting on the fence and waiting to purchase cyber insurance, get off the fence and buy it. The only two things I can say for certain are: a. cyber threats are not going away or declining and b. premiums are not going down anytime soon. Not having protection only puts you at greater risk of not being able to recover from a breach, hack or attack that is increasingly becoming more sophisticated.
Review your system configurations and defenses with your MSP or other IT professional. Now is not the time for a DIY, or do-it-yourself, cyber defense strategy. An open port, a device with outdated firmware, or a lapsed subscription may not be readily evident to you but should be to a professional service provider. Hackers can identify vulnerabilities and exploit them to your disadvantage.
If you see a substantial premium increase coming your way, speak to your broker about it. What have they done to help mitigate much of that increase? Has the underwriter been engaged well before the renewal to discuss pricing on your account? Are they open to a discussion with your MSP? Is there any advice they can offer about risk control that would help lower their pricing?
If your broker hasn’t offered options or suggestions, hasn’t brought your cyber policy(ies) out to market for pricing options, or appears to be complacent in the whole process, it might be time to find a new broker.
Lastly, you may think that increasing your retention or deductible might help reduce the premium. I’ve looked into this and the increased risk you need to assume in a higher retention doesn’t make a lot of sense for the slight reduction in premium it achieves. It’s worth examining, but I wouldn’t recommend increasing your retention by $20,000 to save, say, $2,500.
Here’s one final word.
I’ve reviewed a lot of cyber policies this year for a variety of prospective clients that span a huge number of verticals – construction, financial services, hospitality, retail, industrial, non-profit, healthcare, and more.
A common problem I’ve seen is that you, the client, may think you have cyber insurance. You may have a policy, but you may not have a great cyber policy. What I mean by that is that several times this year we’ve identified clients who purchased cyber insurance years ago and the policy form they are on has not changed or improved over time. That means modern cyber threats are not covered.
We’ve also seen some more recent policies that don’t include the broadest coverage endorsements that could be obtained for just a few dollars more per year.
Finally, we’ve seen insufficient limits of protection almost across the board. In many instances, a $1m limit is insufficient for the business that’s insured. It makes sense to review limits prior to each renewal, benchmark where you are compared to your peer group and think through potential claims to determine if your limits are sufficient. At the very least, consider looking at higher limit options on renewal.
The bottom line is that while cyber insurance premiums are increasing and will continue to do so in the near future, this is valuable protection your firm cannot afford to go without. The premium increases we’re seeing are not the result of insurance companies gouging customers, but really a direct result of the claims they have been paying out on, and will probably be paying even more on in the near future.
Have other questions or issues with cyber insurance you’d like to discuss?
Give me a call or drop me an email and let’s chat – in fact, click the button below to get started. I promise, no sales gimmicks or sales pressure at all. Just some conversation to see if I can help you unravel your insurance problem and if we might be a good fit for your business insurance needs.