Cyber insurance underwriters ask more probing questions, condition coverage on strong security controls

Author: John Doernberg

The sustained surge in ransomware attacks has hit the cyber insurance market hard.

The surge started a couple of years ago and has accelerated since early 2020, increasing both the frequency and the severity of claims made under cyber insurance policies. Ransom payments toward the end of 2020 averaged in the hundreds of thousands of dollars, with some in the millions.

Beyond the cost of the extortion payment itself (when paid), ransomware typically triggers many other losses and expenses that can be covered by cyber or cyber/E&O policies. Some of these include breaches of personal information, business interruption and extra expense, data recovery, regulatory investigations, fines and penalties, and (in cyber/E&O policies) liabilities for the failure of products or services. Such costs are often several times greater than any ransom payment.

Cyber insurers respond to the new marketplace due to ransomware

Cyber insurers are scrambling to try and stanch their losses. They have increased their premiums for both new business and their own renewals, often in the range of 15-50% or more. They have in many cases imposed coverage limitations, including sublimits on certain key coverages and even outright exclusions, based on vulnerabilities to specific high-profile breaches such as those involving SolarWinds, Microsoft Exchange Server and Accellion.

Insurers have adapted their underwriting practices as they scramble to keep up with the changed exposure landscape caused by the explosion in ransomware. They have also examined their ransomware claims, seeking to identify vulnerabilities commonly exploited in successful attacks. Their findings have driven them to ask more probing questions during the underwriting process and to raise their thresholds for what they consider to be satisfactory responses.

As a result, organizations buying cyber insurance programs in the last few months have had to answer more extensive and probing questions from underwriters. The premiums quoted and the quality of the coverage terms offered are now far more sensitive to underwriters' higher thresholds for satisfactory answers.

Many cyber insurers are now requiring insureds to complete special ransomware supplemental applications as a condition of coverage – or even of offering terms. Some cyber underwriters mandate use of their own applications (there are more than a dozen currently in use) for renewals, although most will accept competitors' applications to quote what would be new business to them. They are also asking additional questions during the underwriting process. Some who accept competitors' applications in order to quote will still require submission of their own applications prior to binding.

Ransomware concerns and best practices on addressing them

Insurers are looking for the use of security controls that they consider effective at preventing, detecting and remediating malicious activity at various stages of the ransomware lifecycle. While cyber insurers ask a wide range of questions in their applications, certain central themes have emerged that point to their principal ransomware concerns and the security controls they believe best address them. Below are some of those concerns, with what appear to be the most frequently mentioned controls italicized.

Choosing the best cyber insurance terms for your organization

Obtaining the best available cyber insurance program requires putting your best foot forward and offering cyber underwriters a complete and nuanced understanding of your cyber risk profile. Doing so is a time-sensitive, labor-intensive process that requires ongoing contributions from many people both within and outside of the organization. By starting early with the right team and the right focus, a company can position itself to obtain the best cyber insurance terms available for its particular exposures in the current choppy market. Talk to a Gallagher cyber specialist today, and learn more about how you can effectively manage and transfer your changing cybersecurity risks.

Disclaimer: The information contained herein is offered as insurance industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.