Cyberattacks in Europe have been growing steadily, but the insurance capacity crunch continues

The year 2022 was dominated by the Russian-Ukraine war and its global impact. The geopolitical crisis has led to vast increases in operating and energy costs, disruptions to supply chains and immense financial losses for businesses across the globe.

As we head into 2023, another risk trend which has gained momentum since the invasion is now emerging as the leading risk for businesses.

Cyber-attacks are one of the fastest growing problems faced by businesses in the UK and worldwide. According to Checkpoint, the number of global cyberattacks has increased by 28% in the third quarter of 2022, compared to the same period in 2021.

The number of cyberattacks in Europe generally has been growing steadily and significantly since the Russian invasion of Ukraine, according to a separate report from Moody’s.

The report noted that around 38% of attacks are related to the war, but it is not the only reason for the rise. The number of unrelated attacks in 2022 has already doubled compared to 2021.

Our own Mactavish survey of medium to large sized businesses found that, across all sectors, 79% of respondents had experienced a cyber-attack in the last year, with 50% of those attacks resulting in a loss of data or revenue.

Our research suggests UK businesses are 85% more likely to suffer a cyber-attack than they were just four years ago.

Devastating impact

These attacks can devastate companies, leading to loss of income, data breaches, severe disruptions to day-to-day operations and vast financial costs to investigate and reinstate systems.

Although the public sector faces a higher number of attacks which deny key services, the Moody’s report found that private companies often suffer more operational and financial consequences.

In this context, it is easy to see why cyber has remained the hottest topic in insurance for the last few years.

As well as businesses being at an increased risk of cyberattacks, our survey unveiled that nearly a quarter (23%) of businesses have no cyber insurance cover and that concerns with the accessibility and quality of such cover is high.

Capacity crunch

Cyber risk is clearly on the rise, and while the take up of cyber insurance has risen, confidence in these products has not.

Compounding the rise in the threat is the fact that business are being expected to pay significantly more in premiums for significantly less cover. According to Marsh’s insurance pricing index, UK cyber insurance pricing increased by 66% in the third quarter of 2022, following a peak increase of 102% year-over-year in the first quarter of 2022.

These prices are also rising far faster in the UK than any other market, with all similar ‘financial lines’ insurance now costing four times as much as 2018.

This while many policies now include more and wider exclusions - such as policies written to omit coverage in cases relating to war or terrorism, or with narrower definitions of cover and less available incident response support.

The most vulnerable businesses can find some types of cover simply unavailable to them, such as for ransomware or the costs of their own IT disruption. This raises serious questions about the corporate insurance model: just when protection is most needed, it’s much harder to obtain.

Cyber market shifts are also happening in the context of the longest insurance hard market in living memory, with 20 consecutive quarters of pricing increases and all commercial premiums on average now double the price they were pre-pandemic.

Time for insurers to step up

That Cyber remains the most harshly affected class in the ongoing insurance ‘hard market,’ is further evidence of its rising threat to business as we enter 2023.

This raises new dilemmas for businesses facing difficult choices about where to spend their money, creating in many cases an unhelpful trade-off between spending money on improving cyber security, or spending it on cyber insurance to provide support should that security be breached. Ideally investment should cover both.

As demand for these products is growing, the provision of insurance is not keeping pace. Cover is being eroded as exclusions and policy terms are narrowed, leaving customers feeling dissatisfied and, ultimately, uncertain about what exactly it is they are buying or whether it’s worth the cost.

Insurance has a key role to play in protecting businesses against unforeseeable or unprotectable events and helping to promote security best practice, but the industry’s response to this escalating threat has chiefly been characterised by increased price and a withdrawal of capacity.

What we need to see is insurance providers building a deeper understanding of clients’ risk, last resort support, and helping clients provision a finite insurance budget to competing categories. Ultimately doing more to help clients adapt to this higher risk environment.

Bruce Hepburn is chief executive and founder of Mactavish