How revenue & data influence cyber premiums
Location and security practices also play a role in pricing cyber policies, which cost $1,485 on average.
While massive cyberattacks grab headlines and signal risks in the sector, overall cyber insurance premiums actually declined slightly — around 1% year-on-year — this past year, according to AdvisorSmith.
The drop was primarily driven by “the most expensive insurers reducing rates or dropping out of the market,” resulting in lower average premiums, according to the research company, which noted the size of a business can radically impact premiums for cyber coverage.
Many insurance companies base rates on revenues a business earns, with larger revenues leading to higher premiums. Some insurers use the number of employees as a determining factor, with higher headcounts resulting in larger premiums, according to AdvisorSmith.
To uncover rate trends in the cyber insurance market, AdvisorSmith used more than 43 quote estimates and rating filings from companies nationwide. The research found premiums range from $650 to $2,735 for companies with moderate risk and liability limits of $1 million, a $10,000 deducible and revenue of at least $1 million.
The average annual cost balanced out to $1,485.
Risk tiers
Further, the type of business can also play a role in costs. AdvisorSmith noted a company’s risk can be segmented into low, moderate and high tiers.
Lower tiers, or those that don’t deal much in third-party information and have fewer data records, see the lowest premiums. Small manufacturers with few clients and little in the way of customer information would fall into this category.
Moderate risk companies might hold larger amounts of customer data but may not store highly sensitive details. These types of businesses include retailers that accept in-store credit card transactions.
The top-risk tier includes businesses that store sensitive information such as social security numbers, birth dates, and other financial or personal information. Top-tier businesses include medical offices, accountants, universities and property management firms. Insurance carriers, which are attracting more attention from hackers, would also fall under this category.
The role of location, security
Additionally, location can play a factor, it seems as rates vary by state. For instance, businesses in Arizona faced steep premium hikes, with an increase of 39% from 2019 to 2020, according to AdvisorSmith, which noted policies written in North Carolina saw premiums drop 12% during the same period.
Many insurance companies will also inquire about security practices a company employs. These could include data loss prevention procedures, multi-factor authentication systems and encryption practices. Additionally, how often and quickly a business can spot and patch software vulnerabilities, and if third-party vendors are used to monitor and assess security issues, also come into play, according to AdvisorSmith.
Related: