Cyber Insurance has seen significant change in recent years with market cycle fluctuations, increased capacity, new products and evolving services. However, the key themes and concepts remain vitally important, some of which include:
1. Market Conditions
Competition is healthy with a variety of underwriting approaches offering brokers a wide choice of products and service.
2020 and 2021 were unprofitable for some insurers and a hardening market followed, with changes to underwriting methodology. Confidence returned in 2022 & 2023 with a sharper focus on minimum controls and risk management.
Despite the market buoyancy, 2024 claims trends still showed sizeable threats and developments, so it will be interesting to see how insurer optimism is affected in 2025.
2. ‘Open-Source’ Underwriting
Open-Source Intelligence (OSINT) scanning works by assessing vulnerabilities and exposures (primarily in websites and web applications). It has become a key underwriting tool for insurers and has further facilitated streamlined underwriting. Some insurers can also include continuous monitoring for clients.
However, it has been argued that OSINT has limitations and doesn’t always give a true reflection of the overall risk mitigation.
Larger clients with experienced IT teams may want to provide their own cyber security posture information and can often find interference frustrating, with regular basic security updates creating a level of ‘alert-fatigue’.
3. Automation vs Accessibility
Streamlined underwriting and OSINT have helped Cyber growth, speeding up the path to purchase and allowing competitive pricing. It is often favoured in the SME space, but there is minimal opportunity for a client to differentiate their risk and negligible interaction with an underwriter.
Larger or more complex risks may benefit from accessible underwriting expertise. This may include further information gathering but allows articulation of risk in more detail, moving away from the one-size-fits-all approach. Premium is determined by a more bespoke process with consideration given to understanding a complete risk profile. OSINT can be used as part of the process, but normally in conjunction with overall risk information to ensure that the broader cyber-security posture is understood.
4. Contractual Obligations
General awareness of cyber threats and appropriate insurance protection has increased, leading to many clients now buying a policy to satisfy contractual obligations from 3rd party customers, vendors or investors.
There is a recognition that cyber claims pose a major threat to both operations and balance sheets, so insurance is seen as a key requirement and limit requests can often be sizeable.
Capacity for excess layers is readily available, but it is worth analysing the details of the contractual request. Third party cover only (rather than full first party requirements) may be all that is required, enabling more competitive terms to be negotiated.
5. Importance of Experience
Cyber Insurance is well-established, but levels of experience can differ in all stages of the process.
Accessing expertise remains key and that extends to brokers, underwriters and, most importantly, to the incident response providers.
When it comes to incident response, there is no substitute for experience. Providers that have been established for many years will have dealt with many cyber events and are more likely to possess the knowledge and confidence to help an insured in their time of need.
Time is vital during a cyber event, and it is much easier to stand down a comprehensive response than it is to raise an inadequate one.