CloudCover’s “Solution Differentiators” Part Five: Cyber Insurance’s Current and Future State

Blog Summary: The cyber insurance market is ripe for a change. As cyber attacks — particularly ransomware — continue to increase, leading to rising premiums, changing policy conditions, and limited cover based on attack type. In our final “Solution Differentiators” blog, we discuss the current state of cyber insurance and how CloudCover’s end-to-end cybersecurity technology and insurance solution is poised to change the game.

If there weren’t already enough reasons to be constantly vigilant about cyber attacks, the two most recent events provide even more grounds for concern:

Apache’s Log4j vulnerability (aka “Log4Shell”) has been called one of the biggest threats to IT security in decades. It will be felt for years.
Kronos’s ransomware attack will keep payroll systems offline for weeks, affecting how thousands of employees in the United States get paid.

Attacks like these will keep happening — ones that are more sophisticated, larger, and more destructive than the attacks before them. The landscape will continue to get more perilous. Our industry needs to start thinking differently.

If you’re aware of cybersecurity risk in real time, you can control and transfer it in real time. That’s why our CC/B1 Platform™ and CloudCover CyberSafety™ Insurance coverage has created an entirely new market category: end-to-end cybersecurity network technology and insurance. In the last blog of this series, we call out the challenges of the current cybersecurity insurance market — and how our solution is transforming the security industry.

The present: sky-high premiums, ineffective policies, limited coverage

According to Fitch Ratings, the number of cyber insurance policies written by insurers has grown every year since 2015. In 2021, premiums have increased by 20%-50% (Sloan, 2021). At the same time, the percentage of an insurer’s premium income which it paid to claimants of a cyberattack skyrocketed to 73%, the highest level in six years.

One reason is the frequency of cyberattacks, especially ransomware. In addition to the Kronos attack, there have been others: CNA Financial Corporation’s $40 million ransomware attack; the Colonial Pipeline — a $4.4 million payment — and this summer’s Kaseya attack, with the REvil group demanding a $70 million ransom. More ransomware attacks translate into more claims, more money being paid out, and higher premiums.

There’s also the unknown. Unlike traditional insurance, cyber insurance doesn’t have the actuarial data to set accurate premiums in the first place. With no data and no way of truly understanding how secure an organization’s network operates, insurers are raising premiums. In most cases, they’ll wait until companies increase their network security before bringing the rates back down.

Insurers are also getting more creative with policies. Higher coverage limits are becoming difficult to secure, insurance carriers are requiring supplemental policies for particularly concerning risks, and higher risks are prone to sub-limits — reductions to coverage for certain losses — or captive insurance.

Future: cyber insurance and technology blend into better risk management and much more accurate premiums

Looking ahead, the security strength of an organization in predicting, responding, and preventing cyberthreats is more important than ever. A company knowing and understanding its security posture will mean better — and more reasonably priced — insurance coverage.

The CC/B1 Platform can provide a company visibility into their cybersafety landscape, using machine learning to inspect, analyze, and understand IT events that happen within the company’s network — risk awareness — and stopping threats, all in real time. As it understands suspicious patterns, the CC/B1 is also obtaining the data analytics required to efficiently underwrite and set accurate premiums through CloudCover’s CyberSafety Insurance coverage. This offering includes CloudCover’s Cyber Liability insurance (CCCL) and Information Systems Business Interruption (ISBI) insurance in addition to the $1 Million Ransomware Warranty.

In the months ahead, we plan to roll out the final product in our portfolio — Cybersecurity Network Data Insurance in real time. It’s the first insurance policy to insure data in motion with both first-party and third-party liability cover and will make it possible for organizations to value their intangible assets — data — just as they would other company assets.

This is the future of cybersecurity insurance and technology. No more hacking, because the CC/B1 Platform proactively responds and stops threats. Cyber insurance that truly transfers risk, because it’s using your company’s data risk to set premiums instead of taking a dartboard approach. Both are seen as impossible in the cyber insurance industry, and yet — we’re here. Now, that’s a solution differentiator.

Get a head start on understanding your risk posture by completing CloudCover’s CyberSafety Registry®. To sign up for a CyberSafety CC/B1 Platform demo, visit cloudcover.cc/request-a-demo/.

References

Sloan, Rob. “The Outlook for Cyber Insurance.” WSJ Pro Cybersecurity Research.