Cyber Insurance Costs Rising, Coverages Shrinking: Report

According to a survey issued Tuesday by a cybersecurity business, rates for cyber insurance plans continue to climb while a rising number of exclusions limit what they cover. Nearly four out of five (79%) of the more than 300 organizations in the United States surveyed by Censuswide for privileged access management provider Delinea saw their insurance costs rise, with more than two-thirds (67%) reporting that their cyber insurance premiums rose by 50% to 100% when they applied for or renewed their policies this year.

“It’s become clear over the past year that cyber insurers are learning from their data and are now maturing,” said Delinea Chief Security Scientist and Advisory CISO Joseph Carson in a statement.
He added that in the early days of cyber insurance, insurers were just attempting to meet a massive demand, but now they see the importance of reducing their exposure to both avoidable and uncontrolled conditions.

Risk assessment and cyber insurance will constantly be in change, much like attack vectors, according to Bud Broomhead, CEO of Viakoo, a Mountain View, Calif.-based supplier of automated IoT cyber hygiene. conditions on the insured, such as requiring automated cyber hygiene for non-IT devices and systems,” he explained to Techrafts.

Exclusion Explosion

Limiting coverages through exclusions is one method insurers are decreasing their exposures when establishing cyber insurance plans. According to the Delinea analysis, the number of exclusions from cyber insurance coverage is rising. The biggest reason provided by survey respondents for not include coverage in a policy was a lack of security safeguards (43%), followed by human error (38%), acts of war (33%), and failure to follow necessary compliance procedures (33%).

Exclusions might reduce the value of cyber insurance in the view of a company. “Any exclusion that excludes social engineering scams or human error essentially kills that policy, because most cyberattacks are related to those two root causes,” Roger Grimes, a KnowBe4 protection advocate, asserted.

“Seventy to 90 percent of all successful cyberattacks involve social engineering,” he told Techrafts. “Any exclusion that excludes social engineering effectively eliminates your chances of being reimbursed.”

Exclusions lower the total value of a policy by reducing the genuine extent of coverage, according to Jason Dettbarn, founder and CEO of Addigy, a Miami-based provider of an Apple device management platform.” “More importantly, though, very few companies meet the core underwriting requirements,” he told Techrafts. “They don’t have the right cyber/IT management tools or processes in place internally.”

Onus on Victims

According to Carson, the growing number of exclusions and limits means that companies must comprehend the tiny print inside the rules to guarantee their claim is authorized.

According to Darren Williams, CEO and creator of BlackFog, a Cheyenne, Wyoming-based developer of on-device, anti-data exfiltration technology, the rising costs of cyber insurance are putting a strain on all firms worldwide.

“We are seeing many small businesses choose not to have any coverage due to the number of exclusions,” he told Techrafts. “Moreover,” he said, “exclusions combined with recent announcements from states prohibiting ransomware payments render insurance of limited value.”

Operational Necessity

Nonetheless, organisations that avoid purchasing cyber insurance do so at their peril. “Cybersecurity is nearly mandatory for any business that holds customer data and is at risk of a data breach or ransomware attack,” Dettbarn noted.

“Today, cyber insurance is highly recommended,” said Theresa Le, chief claims officer of Cowbell, a Pleasanton, California-based provider of AI-powered cyber insurance for SMBs. “Even with the best cybersecurity efforts, businesses still face residual cyber risks due to system misconfigurations, employee errors, or other unintentional security gaps,” she said to Techrafts.

One of the most striking facts from the analysis, according to Carson, is the growth in organisations that utilised their cybersecurity insurance more than once, from 41% in 2022 to 47% in 2023.