Security News

In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And with...

As cyber threats grew, so did the appetite for risk transfer, with the US Government Accountability Office noting a dramatic increase in the proportion of insurance clients taking out cyber insurance policies. The change in infrastructure and access methods created yet more layers of security risk, making cyber risk transfer even more problematic for underwriters.

Cyber insurance is quickly becoming an unavoidable part of doing business as more organizations accept the inevitability of cyber risk. While other potential disruptions benefit from stable insurance providers with decades or even centuries of practice behind them, cyber insurance is a nascent field that has proven hard to get a handle on.

Based in the UK, Lloyd's is a marketplace of insurance buyers and sellers, rather than a company, and has 77 cyber risk insurers under its wing for which it sets the rules. Lloyd's chief of markets Patrick Tiernan was speaking to the Financial Times after a backlash against an August memo [PDF], penned by Lloyd's underwriting director Tony Chaudhry last month, saying the market will require all of its insurance groups to exclude any liability for losses resulting from state-backed cyberattacks from their insurance policies from March 31 2023.

Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time. Because of this, all standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyberattack," Chaudhry wrote.

The number of organizations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security. This Help Net Security video uncovers why so many organizations are losing cyber insurance as an important risk management tool.

Only 55 percent of companies have any insurance at all. "The situation is particularly acute for uninsured small and mid-sized businesses, who must weigh the soaring costs of cyber insurance premiums against the very real risk of being unable to recover from a successful attack."

The number of organizations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security. "Loss ratios will not improve until premium incomes better match the current level of pay-outs. With this reduced insurance access alongside increasing cyber threats and tightening regulations, many organizations are losing cyber insurance as an important risk management tool. Even those who can still get insurance are paying a prohibitively high cost," Woollacott continued.

For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed. Finally, we learned about ransomware attacks this week, including ones on Spanish National Research Council, Semikron getting hit by LV ransomware, the German Chambers of Industry and Commerce, and Creos Luxembourg.

A Panaseer survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer's security posture is impacting price increases. This Help Net Security video highlights how the increasing cost of ransomware affects global insurers.