From Niche to Necessity: Tracing the Growth and Transformation of Cybersecurity Insurance

For many SMBs, cybersecurity insurance is a relatively novel concept. First introduced in the 1990s for large enterprises, it covered data processing errors and online media. Since then, liability coverage policies have evolved to address the costs of data breaches, including malware remediation and compromised account resolution.

Modern cybersecurity insurance policies cover expenses such as:

• Compromised data recovery

• Computer system repairs

• Data breach notifications

• Identity monitoring services

• IT forensic investigations

• Legal fees

• Ransomware payments

Data breaches and associated costs continue to surge. In 2021, a record number of data breaches were reported, with a 14% increase in the first quarter of 2022 compared to the previous year. No business is immune; even small businesses are targeted, often facing more significant losses than larger enterprises. Approximately 60% of small businesses shut down within six months of a cyber incident.

The growing online threats and escalating breach costs have driven continuous evolution in cybersecurity insurance. Businesses must stay informed about these trends to ensure adequate protection.

Here are some essential cyber liability insurance trends to be aware of:

Rising Demand for Coverage

The global average data breach cost is $4.35 million, with the U.S. average at $9.44 million. As costs soar, so does the demand for cybersecurity insurance. Companies across industries now recognize the importance of cyber insurance, making it a crucial part of their business liability coverage. This growing demand will likely result in broader availability and policy options for those seeking coverage.

Soaring Premiums

As cyberattacks and subsequent insurance payouts rise, so do premiums. In 2021, cyber insurance premiums surged by 74%, driven by lawsuit costs, ransomware payments, and other remediation expenses. Insurance carriers aim to prevent losses on cybersecurity policies, increasing premiums even as they become more necessary.

Changing Coverage Landscape

Some coverage types are becoming harder to find. For example, insurance carriers are increasingly dropping coverage for nation-state attacks linked to governments. In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. Additionally, ransomware attack coverage is being excluded from some policies due to a 24% increase in attacks between Q1 and Q2 of 2022. This shift puts organizations more responsible for ensuring robust backup and recovery strategies.

Tougher Qualification Criteria

Qualifying for cybersecurity insurance is becoming more challenging as carriers grow more cautious about businesses with inadequate cyber hygiene. Factors considered by insurance carriers include network security, multi-factor authentication usage, BYOD and device security policies, advanced threat protection, automated security processes, backup and recovery strategy, administrative access control, anti-phishing measures, and employee security training. Applying for insurance often requires completing an extensive questionnaire about your cybersecurity posture, with assistance from your IT provider. Undertaking a cybersecurity review before applying can help reduce premiums and strengthen your defenses against cyberattacks.

Need Assistance Navigating Cybersecurity Policies?

Cybersecurity insurance and applications can be complicated, and an incorrect response could lead to higher premiums. If you're considering cyber insurance, don't hesitate to contact us for a consultation. We can help you understand policy details and provide expert guidance.