Hacking/insurance: companies should expect to pay a high price for cyber protection

Businesses face a myriad of perils. Cyber ​​risks are the worst of all, according to the list of global trade threats developed by the German Allianz. Attacks are on the rise. The cost of insuring against them also soars. It more than doubled in the United States in the fourth quarter of 2021 alone, according to insurance group Marsh.

The cost of coverage is increasing due to higher claims, combined with lower capacity. Some insurance companies have decided to stop underwriting cyber insurance altogether.

Their caution is understandable. Threats were repelled by their own vulnerability. Last year, the American company CNA and the Parisian company Axa were targeted. Ransomware attacks happened every 11 seconds in 2021, according to Cybersecurity Ventures. Their ubiquity is linked to the emergence of ransomware-as-a-service. Criminals with little technical knowledge can locate ransomware programs on the dark web and rent them for as little as $40 per month. They can then extort large sums, using cryptocurrency to help evade detection.

Many insurers have too little data to be sure of their pricing. They are particularly worried about the accumulated liability when an attack snowballs and affects a large number of companies at once. The resulting claims can break the principle of pooling at the heart of the insurance model.

Not everyone backs down. In mid-2021, London-based insurance provider CFC launched a new insurance syndicate that will focus on cyber and other emerging risks. Last week Beazley, also based in London, said he was excited about the opportunities. She attributed her ability to swim against the tide to her expertise and ability to help her clients improve their resilience.

Working with customers to improve controls is crucial but may not be enough to avoid a deluge of complaints. Advances in quantum computing that unlock hordes of stolen encrypted data are just a nightmare scenario. Ultimately, some sort of public-private partnership might be needed to provide a safety net. In the meantime, companies should expect that insurance, if they can get it, will be increasingly expensive.

The Lex team wants to know more about readers. Please tell us about your own experiences with cyber risks and insuring against them in the comments section below.

Kristan F. Talley