Global cyber insurance premiums are declining despite an uptick in ransomware attacks, according to a recent report by insurance broker Howden. This trend reflects improved business security practices, evolving insurance industry dynamics, and changing attitudes toward cyber risk management.
According to Reuters, the Howden report indicates that the cyber insurance market experienced double-digit price reductions in 2023/24, a stark contrast to the skyrocketing premiums seen in 2021 and 2022 during the COVID-19 pandemic. Sarah Neild, head of U.K. cyber retail at Howden, attributes this decline to enhanced cybersecurity measures implemented by businesses, such as multi-factor authentication (MFA) and increased investment in IT security and staff training.
"MFA is the most basic thing you can do; it's like locking the door when you leave the house," Neild explained. "Cybersecurity is a many-layered beast."
Interestingly, this downward trend in premiums comes despite an 18% increase in recorded ransomware incidents during the first five months of 2024 compared to the previous year. The report suggests that businesses are becoming more adept at mitigating their losses from cyberattacks, particularly through improved backup systems and cloud services that help reduce business interruption costs.
However, Dr. Ilia Kolochenko, Partner & Cybersecurity Practice Lead at Platt Law LLP and CEO at ImmuniWeb, offers additional insights into these trends. He points out that the falling premiums may also reflect changing attitudes among businesses towards cyber insurance:
"Fewer companies are willing to invest a considerable amount of money in cyber insurance after having a pretty bad experience in the past, when insurance coverage was denied under a plethora of reasons and contractual clauses inconspicuously incorporated into the insurance agreement," Dr. Kolochenko explains. "After burning their fingers with an insurance policy, some companies either entirely re-allocated insurance budget to improve their cybersecurity controls and hire more people, or procured the bare minimum of cyber insurance as it may be required by law or be a prerequisite of their external stakeholders."
Dr. Kolochenko also highlights the maturation of the cyber insurance industry, noting that insurers now have sufficient historical data to offer more accurate, data-driven premiums. This allows them to better quantify risks and offer more competitive conditions while maintaining profitability.
The Howden report predicts that growth in the $15 billion global cyber insurance market is likely to be fastest in Europe in the coming years, given current lower market penetration levels. However, it also notes that smaller firms are less likely to purchase cyber insurance, partly due to a lack of awareness of cyber risks.
As the cybersecurity landscape continues to evolve, organizations, insurers, and cybersecurity professionals will need to remain vigilant and adaptive. The falling premiums may offer an opportunity for more businesses to obtain cyber insurance coverage, but as both the Howden report and Dr. Kolochenko emphasize, robust internal security measures remain crucial in the ongoing battle against cyber threats.
Read the full Howden report here.
Follow SecureWorld News for more stories related to cybersecurity.
