Cyber Market Update December 2023
Premium Rates are Stabalising but still unpredictable
Premium rates in the cyber insurance market are stabilising, but are still unpredictable, as we are seeing average premium increases of 1% to 5% for some risks, but reductions on other risks. As Insurers face considerable pressure to grow their books of business and competition, particularly for businesses which can demonstrate strong risk management controls means that insurers are more willing to offer broader coverage, lower levels of risk retention and in some cases higher limits.
Cyber Excess Layers
Layered programs for clients requiring higher limits of indemnity are also becoming more competitive, with resulting reductions in excess pricing, particularly for larger towers. The increase in competition is driven by additional capacity from new entrants and markets re-entering the market after exiting due to poor underwriting results. However, excess layer price decreases will tail out as premiums reach a minimum price for capacity in the high layers or smaller accounts that need higher limits for contractual reasons.
Environmental, Social and Governance factors
Several external factors are impacting insurer appetite and capacity in the cyber market. Specific industries such as non-renewable energy, and producers of products like tobacco and alcohol are facing difficulties due to environmental, social and governance (ESG) concerns relating to these sectors These pressures may extend to other industries in the future.
Claims and emerging cyber risks
Ransomware
The frequency of cyber insurance claims continues to rise, with some carriers reporting increases in ransomware claims as high as 70%. While average ransomware payments are trending down, targeted attacks on large businesses have contributed a large portion of the overall ransom payments in 2023. It is anticipated that ransomware attacks could become more destructive with AI-powered targeting helping hackers find new vulnerabilities and victims.
Pixel Tracking
Tracking pixels are an online tracking technology that harvests information about web site users’ behaviour. It is designed to enable digital marketers to provide better website experiences, deliver more relevant online advertising, and deliver personalised content for web browsers.
Tracking pixels create a significant cyber risk associated with potential compromise and leakage of user data. A misconfigured pixel can send personal information to an unauthorised third-party server, stealing private data from users. Website owners are accountable for Data leaks caused by tracking pixels, and the risk of lawsuits and regulatory investigations related to the use of tracking pixels is on the rise. Meta Pixel hack leads to US healthcare provider data breach affecting 3 million patients - Cybersecurity Insiders (cybersecurity-insiders.com)
Artificial Intelligence (AI)
Another area of close monitoring is the impact of artificial intelligence. AI is a powerful new tool in hackers armoury, for example:
- Automated password-guessing and CAPTCHA breaking (CAPTCHA is a widely used computer program intended to distinguish human from machine input as a way of thwarting spam and automated extraction of data from websites).
- The use of generative AI (such as the publicly available Chat GPT) to craft malicious emails that can bypass spam filters. AI can create convincing spear phishing emails which research indicates are clicked on more often than those created by humans. mvp-ai-good-practice-for-governments-and-central-govt-departments.pdf (tech.gov.sg)
Biometric Privacy breaches
Carriers are concerned about privacy-related incidents and legal class actions in the US resulting from violations of the biometric privacy regulations Beware of BIPA and other biometric laws — an overview | Reuters. GDPR classifies biometric data as a type of special category of personal data, meaning biometric data can’t be processed or shared without consent, and opening the potential for similar legal cases in the UK.
Coverage Limitations
Carriers are closely monitoring claims activity, underwriting the exposure more diligently and, in some cases, narrowing their offerings. They continue to raise concerns about catastrophic losses, with many releasing new language limiting coverage for war or other catastrophic events.
For further information contact Giles Smithson
T | 020 7204 3851
E | giles.smithson@lonmar.com