Why some businesses are re-evaluating their attitude to cyber coverage amid rising premiums and tougher terms

As cyber attacks increase in frequency and intensity, the insurance market continues to adapt.

The most recent announcement from Lloyd’s of London, regarding its forthcoming requirement that cyber policies have an exemption for state-backed attacks, is the latest evidence.

Yet in response to rising premiums, tighter policy wordings, and increasingly substantive risk management requirements, some businesses are re-evaluating their attitude to cyber coverage, with increasing numbers choosing to manage their own cyber exposure.

Lloyd’s introduces war exclusions

It’s well known that the cyber insurance market is hardening. As threats have evolved, the market has responded. This trend has been ongoing for some time, yet the Russia/Ukraine conflict has added a new dimension to cyber-attacks with the frequency and intensity of incidents increasing substantially over the preceding months.

The result of all of this has been rising premiums, tighter policy wordings and reduction in levels of cover, presenting a challenging environment for many businesses seeking insurance cover.

The recent announcement by Lloyds of London, that all cyber policies either incepted or renewed after 31 March 2023 must incorporate a war or state sponsored attack exclusion, has further heightened concerns about how market conditions will develop.

Just one tool in the box

When it comes to risk management, transferring risk via insurance coverage is one of the key tools available but, of course, not the only one.

Businesses can take action to prevent, or at least minimise, the likelihood and effect of cyber-attacks. Realising that they are targets is the first approach, followed by mitigation measures such as business continuity plans, secure backup processes, staff training on attack vectors, buy-in to cyber expenditure at board levels, as well as security software, scanning and infiltration monitoring.

Indeed, as the market has evolved, many insurers have shifted from simply writing cover to being more proactive with customers around factors such as risk evaluation, providing tools and services to identify risk and guidance on mitigations measures.

Organisations are awake to the risk of cyber and many have spent significant amounts of money implementing tools and processes to minimise their exposure.

As such, and in light of coverage restrictions and budgetary considerations, many businesses are now actively considering whether risk transfer be via insurance cover or other means.

Captives, and other options

In some situations, this means utilising budgets for cyber risk management, specialist cyber security solutions and deploying external vendors to operate a SOC (Security Operations Centre) to monitor and react to any potential cyber or spurious activity.

Captives are another solution to self-insure cyber exposure and a route that many large companies are actively considering. Captives can be complex but have the advantage of minimising increasing premium exposure and reducing the pressure on the balance sheet.

Understanding the cyber landscape, IT systems and processes a business undertakes on a day-to-day basis is a key starting point for any business seeking to reduce their exposure to a cyber attack.

At the coal face

Loss adjusters therefore have a role to play in cyber risk management. They are at the coal face of cyber incidents and have seen the disruption a cyber attack can have on a business.

With these insights and experience, loss adjusters can assist businesses in assessing the cyber risks, identifying potential access points for cyber criminals, vulnerabilities to attack and current cyber trends. Staff training, dark web monitoring, vulnerability scans are just some of the solutions that can be adopted.

If and when a loss or incident occurs, key to a successful outcome is prompt reporting of incidents to the relevant stakeholders and bringing in the right team of people to minimise the damage. Time is of the essence in responding to an attack and mitigating the impact to an organisation.

These factors ring true whether or not traditional insurance cover is in place. 

Nigel Collins is technical lead, Cyber & Technology at McLarens