Anup leads the FINPRO practice and is responsible for developing and sustaining the financial liability business across India; with a strong emphasis on technology, pharmaceutical & financial institutions verticals. His role entails risk advisory services to clients, bespoke insurance program design and placement of complex risks in Indian & overseas markets.
In the past couple of years, we have witnessed a proliferating cybercrime economy and a meteoric rise of cybercrime services. According to reports, cybercrime is expected to dent the global economy by USD 6 trillion, if measured as a country, it would be the world’s third-largest economy after the U.S. and China.
India is not far behind either, with 375 cyber-attacks daily in 2020 and up to 7 lakh cyber-attacks in the first 8 months of 2021 (MeITY report to the Parliament), all records of such previous instances were shattered. Cyber-attacks in India besides becoming common have also become deadlier, with Indian companies going through 3X global average attacks in cyberspace. A joint study conducted by Marsh, and RIMS, the risk management society®, large-scale cyber-attacks and data frauds remain one of the top-three risk concerns for the Indian corporate sector.
The 2020’s have brought in a new era of cyberattacks. Although viruses, breaches, and other forms of attack have persisted for decades, last year saw an increase in sophistication of bad actors, the propensity to pay for ransomware victims, and a massive spread of geopolitical uncertainty — which are all favourable conditions for hackers.
There have been profound severity of financial consequences. Ransom payments have surged into the millions from five-figure price tags. A 2021 report from Atlas VPN pegs ransomware cost to victims at $45 million in 2021.
In face of a major financial fallout from an attack, C-suites globally have turned to cyber insurance. Insurers around the world are issuing more policies, and the amount of protection available has increased. However, the momentum that propelled this line of insurance in light of increased cyber-attacks has also created a supply problem.
Insurers are now warier in providing cover and reinsurers less interested in backing cyber liabilities as they have burnt their hands with frequent and exorbitant claims. There is also a lack of historical loss data due to the cyber insurance industry’s infancy, which adds to the layer of unpredictability for underwriters.
Impact on Cyber Insurance Market
- Increase in premium –
- There has been continued acceleration in premium increases. The average premium increase in March 2021 was 38.8% YoY with further increases of at least 50% anticipated in H2 2021, depending upon risk profile.
- Decrease in limits/coverages-
- Insurers have begun restricting total exposed limits and ransomware-related coverages. The worsening loss ratios have led to corrective actions such as limiting capacity and cover to maintain portfolio integrity. Few Insurers are sub limiting cyber extortion to a maximum of US$5M with a 50% coinsurance clause.
- Stricter underwriting-
- Insurers have revamped their underwriting guidelines to focus on better risk selection. They now require additional ransomware questionnaires and responses to which dictate the pricing, coverage and capacity on offer.
- The uptick in ransomware losses has also led some Insurers to run outside vulnerability monitoring using third party vendors for common vulnerabilities and exposures (CVE).
- Aggregation risk-
- It is a major issue as insurers grapple with the volume and cost of attacks, the increasing number of widespread attacks and the trickle-down impacts of cybersecurity incidents in the supply chain.
- Going forward, we can expect further capacity management implementation.
- Move towards standardized cyber coverages-
- Hardening of the cyber market will enable terms to be revised and remove ambiguities to move towards a more common market wording, that reflects the risks that insureds face and the exclusions that insurers need to apply.
- In the coming years, the industry is expected to remove some level of variations in cyber insurance coverages, and alternate wordings will only remain where more sophisticated buyers demand it.
Cyber risks are expected to remain the top-risk throughout the 2020s. There will be continual development and businesses’ reliance on technology and an ever-growing attack surface for threat attackers, with huge financial incentives. Additionally, the increased media coverage on businesses being attacked and stricter governmental action will keep contributing to businesses seeking to hedge cyber risk with insurance.
An increase in cyber-crimes may just prove to be the genesis of a matured cyber insurance market that we will see in the upcoming years.