Reuters reports that insurers have halved the amount of cyber cover they provide to customers following an increase in ransomware attacks that resulted in large payouts.
Major EU and US insurers have been able to charge higher premiums to cover 'ransoms, the repair of hacked networks, business interruption losses and even PR fees to mend reputational damage'. However growth in ransomware attacks and claims that the criminals are increasingly sophisticated result in insurers 'changing their appetites, limits, coverage and pricing', with one Reuters source commenting
Limits have halved – where people were offering 10 million pounds ($13.50 million), nearly everyone has reduced to five.
Lloyd's of London (reported as having around 20% of the global market for cyber insurance) has reportedly discouraged its syndicate members from taking on cyber insurance next year. Reuters comments
Combined ratio - a measure of profitability in which a level of more than 100% indicates a loss - climbed by more than 20 percentage points from 2019 to 95.4%. While insurers struggle to cope, companies are under-insured. "It's very unlikely people are getting the same limits - if they are, they are paying an extraordinary amount," ...
[O]ne technology client had previously bought 130 million pounds of professional indemnity and cyber cover for 250,000 pounds. Now the client could only get 55 million pounds of cover and the price was 500,000 pounds. Insurers who issued $5 million cyber liability policies last year have scaled back to limits of between $1 million and $3 million in 2021...
Where hackers previously took a scattergun approach with methods such as sending out thousands of phishing emails, they have become more targeted, reading balance sheets and focusing on specific sectors. ... [A]ttacks were moving away from healthcare facilities and municipalities - which have weak IT controls but also little money - to manufacturing or logistics companies. Such firms have deep pockets and cannot afford extended outages to fix their systems, so would rather pay ransoms, especially if they have insurance to cover them. ...
Premium rates have almost doubled in the United States and jumped by 73% in Britain as a result of the frequency and severity of ransomware attacks, insurance broker Marsh said. RPS said rates for some policies had risen by as much as 300%. Where ransom payments were typically $600 a few years ago, they now are as high as $50 million, said Michael Shen, head of cyber and technology at insurer Canopius, and insurers are sometimes asking policyholders to pay half of the ransom.