Cyber insurance in 2022: A year for collaboration

The cyber insurance industry is adapting quickly as policyholders increase their awareness of digital threats.

This year (2021) has been tumultuous for businesses for several reasons. Topping the list was the rapidly growing rate of attempted ransomware attacks.

The Identity Theft Resource Center (ITRC) reported that the number of data breaches in 2021 surpassed 2020’s figure by the end of September.

But is there a silver lining?

One could argue that the rise in the number of attacks also increased business leaders’ awareness of the dangers and spurred them to take proactive measures when it comes to both cybersecurity and cyber insurance.

As 2022 unfolds, the expectation is that businesses will be more open and willing to put such controls in place. It follows that today’s businesses must now abide by some basic cybersecurity hygiene practices in order to qualify for coverage. They also must proactively seek out the cyber insurance protections that are right for them and unique to their industry.

Since cyber threats are always evolving, businesses need to make sure their protections are evolving as well.

Here are three predictions for where the cyber insurance industry is heading in the new year.

The impact of software supply chain threats

The past two years were scarred by a rise in ransomware attacks. Now, many of us in cybersecurity and cyber insurance believe the next great threat will be software supply chain attacks.

A recent study by the cybersecurity firm BlueVoyant found that 97% of firms surveyed had their supply chain impacted by a cybersecurity breach. What started with SolarWinds-related incidents at the end of 2019 has repeated. Case in point: the recent zero-day exploits on Log4j along with similar incidents related to open-source software. Such events have increased 650% recently, according to a Sonatype report.

What’s more, the new year will continue to reveal the consequences of the 2021 acceleration of business digitization, with an explosion of incidents related to the software supply chain. This will drive demand and innovation in the cybersecurity market along with the need for refined coverages and a more thorough assessment of cyber risk for insurance purposes.

Cyber insurers must have a deep understanding of the technologies aimed at policyholders and applicants to model their aggregated risk and adjust their risk appetite accordingly.

This will widen the gap between traditional insurers that still rely on paper applications and manual underwriting and modern insurers that already use data and technology to assess risk accurately and dynamically and can deploy adaptive underwriting processes for cyber.

Customers will proactively seek more protection

As insurance providers responded to the frequency and severity of the claims made in 2021, businesses realized they are not as insurable as they once were. In response, those aching for coverage are more than willing to put controls in place to improve their cyber hygiene. This is a shift in mindset: Policyholders finally understand that they need baseline cybersecurity measures in place.

Boardrooms are becoming more aware of their cyber risk thanks in part to the underwriting process, which gives them an additional layer of recommendations. Underwriting provides the leaders with the information they need before they find the funds they need to take action. Yet they know that even solid controls can still be breached. The good news is they are learning that those controls can not only provide protection but also qualify them for insurance, which provides the financial protection needed in case of a severe event.

The gap between cyber insurers and cybersecurity will close

Cyber insurance and cybersecurity will likely remain two different industries for the foreseeable future. However, the ecosystem between the two grows stronger every day. The NIST cybersecurity framework of identify, protect, detect, respond and recover can be fully utilized by strengthening the partnerships between cyber insurance and cybersecurity.

The year to come will be a big one for both industries to build those partnerships and drive collaboration. There is increased demand to expand partnerships with cybersecurity providers.

By working side-by-side, cyber insurers and cybersecurity firms have the ability to not only assess client risk but also provide them with the tools they need to protect themselves. Cyber insurers will bring better risk control to the partnerships along with continuous improvement to all the resources we provide to policyholders.

Chris Reese (Chris.reese@cowbellcyber.ai) is head of insurance at Cowbell Cyber. These opinions are the author’s own.
