Cyber insurance and the return of profitability and investment


Cyber insurance and the return of profitability and investment


Introduction: Ryan Griffin, a partner in the cyber team at McGill and Partners in Chicago, discusses the evolving landscape of cyber insurance. Griffin sees a return to profitability in the cyber insurance market due to changes in ransom victim behavior, tighter coverage, and higher premiums.

Changing Ransom Victim Behavior:

  • Griffin cites statistics from a 2023 Coveware blog, showing a significant shift in ransom victim behavior.
  • Over the last four years, the percentage of victims paying ransoms has decreased, with only 46% delivering in the fourth quarter of 2022, compared to 85% in the first quarter of 2019.
  • Investments in cybersecurity have led to enhanced detection, prevention efforts, and faster recovery times, contributing to fewer ransom payments.
  • Premiums have increased to account for losses, and the combination of reduced ransom payments, narrower coverage, and higher premiums is improving loss ratios.

Evolution of Cyber Threats:

  • While ransom payments have decreased, cyber threats have evolved, with criminal organizations finding new ways to exploit vulnerabilities.
  • Griffin mentions recent ransomware attacks on companies like Yum! Brands and Dole Foods, highlighting the ripple effects on the global supply chain.

Improved Cybersecurity Measures:

  • Companies have improved their cybersecurity measures, including enhanced phishing awareness, adoption of the least privilege principle, and prioritization of immutable backups.
  • These measures have become prerequisites for obtaining cyber insurance.

Addressing Aggregation Risk:

  • Griffin suggests there has been an “over-weighting” of aggregation risk in the insurance industry.
  • He believes that the insurance industry may underestimate the resiliency of company networks and that traditional property insurance concepts do not fully apply to cyber insurance.

Future of Cyber Insurance:

  • The future of cyber insurance may include pricing plateaus, conservative coverage concessions, and growing potential for cloud outage protections.
  • Some insurers are introducing common vulnerability issue lists, and coverage may vary based on the insured party’s response time to patch vulnerabilities.
  • Griffin suggests that cyber insurance could benefit from adopting pre-set dollar amounts for payouts, offering peace of mind to clients and insurers.

Growing Investment in the Cyber Market:

  • Griffin predicts that investment in the cyber insurance market is returning, driven by profitability and a track record of downtime metrics.
  • He believes there is room for improvement in coverage and recovery, and buyers may be willing to pay higher premiums for enhanced products.

Leave a Comment