Exploring Captive Insurance Solutions to Manage the Cyber ​​Coverage Crisis | PropertyCasualty360

The cyber insurance market is stagnant as businesses scramble to secure cyber coverage. (Photo: LeoWolfert/Shutterstock.com)

The frequency and severity of cyberattacks continue to escalate at an unprecedented rate. A recent report estimates that the cost of cybercrime will grow 15% year-on-year from 2021 to 2025, reaching nearly $10.5 trillion annually. cyber security venturesThis trend has pushed cyber risk mitigation to the top of business leaders’ concerns, making it one of the highest expense items on their balance sheets.

The cyber insurance market is stagnant as businesses scramble to secure cyber coverage. Despite demand, there are no signs of capacity growth and premium rates are rising.according to Council of Insurance Agents and Brokers (CIAB)cyber insurance premiums increased by an average of 27.5% in the first three months of 2022.

In another troubling development for businesses, insurers are introducing tougher terms and more technical underwriting requirements for certain cyber coverage, especially for organizations that do not have adequate cyber risk management practices. increase. Meanwhile, the rigidity of the cyber insurance market has pushed commercial market costs to unprecedented levels, driving leadership toward alternative solutions for transferring risk. This unique combination of factors is leading organizations to look to captives, risk transfer tools, as an alternative means of controlling costs while mitigating risk.

Cybersecurity threats continue to get worse

It is important to understand the many cybersecurity threats that continue to impact the cyber insurance market.

Russian-Ukrainian conflict

We have yet to see the full impact of the Russian-Ukrainian conflict on cyber warfare. However, Russian cyberattacks are expected to increase. Although it is difficult to attribute a cyberattack to a specific actor or organization, the alleged Russian origin of the cyberattack has been a growing concern among US companies even before the invasion of Ukraine. I was.

Additionally, in April, cybersecurity authorities in the United States, Australia, Canada, New Zealand, and the United Kingdom issued a joint advisory, in which they warned organizations of a potential increase in cyberattacks coordinated with Russia on a global scale. did.

Sophisticated attacks

The number of cyberattacks and data breaches in 2020/21 increased by 15.1% from the previous year, Thinking Institute report. The growing sophistication and severity also raises major concerns. Cybercriminals are using more insidious cyberattack techniques such as social engineering and ransomware. Despite many advances in cybersecurity, attackers are constantly evolving their tactics to stay ahead.

Over the past two years, attackers have significantly increased their sophistication and adopted new techniques that make their attacks more difficult to detect. Sophistication is also related to the speed of cyberattacks. Threat actors can now build on each other to advance at an accelerated pace.

Cybercriminals use the dark web as a starting point to share illegal content, then move to other channels to build on this shared knowledge. Cybersecurity professionals are fighting an uphill battle to keep pace with these criminals who are working together to leapfrog cybersecurity advances.

Growing Cloud Security Challenges

The cloud was designed with ease of use and accessibility in mind, and most businesses have adopted cloud computing to some degree. The global public cloud services market is expected to reach $623.3 billion by 2023, according to a report. Cloud Computing Market Research ReportThis is partly because the cloud can be more secure than traditional on-premises solutions.

Nevertheless, there are challenges. A poor cloud security strategy, lack of cloud infrastructure sophistication within an organization, and general lack of expertise pose significant risks to an organization.

First, a lack of cloud expertise often causes organizations to misconfigure cloud security settings. This has become a leading cause of data breaches. 2020 researchIDC revealed that 8 out of 10 US companies have experienced a data breach as a result of cloud misconfiguration.

Second, because many companies are relatively new to cloud infrastructure, additional security reviews are typically not performed, leaving data open to potential intrusion by attackers. I’m here. Without cloud security management and proper cloud configuration expertise, many enterprises misunderstand where the cloud service provider’s responsibilities end and where their own responsibilities begin.

Third, organizations must address the lack of security in cloud-based customer-facing applications. Companies create easy-to-use interfaces that allow customers and employees to quickly access data in the cloud, but without proper security controls, these interfaces become compromising magnets for threat actors. .

Finally, in the event of a successful intrusion, the increased scalability of the cloud increases the potential attack surface for your business.

Hard Times Are Coming: What Makes This Stalled Cyber ​​Insurance Market Different

As cyber security threats grow, so does the demand for cyber insurance. In addition, as loss ratios for carriers have risen, they are paying more attention to cyber coverage. The scrutiny has increased industry-wide awareness of the uncertainty around cyber threats and the lack of available data to facilitate better underwriting capabilities.

At the same time, a number of large-scale cyberattacks, such as WannaCry, Petya, and Notpetya, are affecting hundreds of companies simultaneously, raising concerns about aggregation and systemic risk. These factors are creating a hardening trend in the cyber market as carriers cut supply. Increase premiums, deductibles/reserves, coinsurance. close the term. Introduce new underwriting technical requirements.

The hardening cyber market presents long-term opportunities for organizations. First, organizations are encouraged to improve their cybersecurity to have a positive impact on their total cost of risk. Second, a hardening market could foster partnerships, collaboration and transparency between insureds and insurers, leading to new and innovative means of managing the total cost of risk.

Growing Attractiveness of Captive Insurance Solutions for Cyber

Captive insurance is an alternative to self-insurance where a parent group or group creates a licensed insurance company to provide coverage to its members. Its main purpose is to insure the owner’s risk and the insured person benefits from the underwriting profit. Owners invest their own capital and resources instead of paying traditional commercial insurers to use their funds. This means higher risk when large claims occur, but saves premiums for smaller, more frequent claims as the company retains the amount paid to traditional insurers You can also.

Captives can also be used to provide coverage and limits not widely available in the market. Captives are particularly attractive to companies that have suffered adverse losses in the past, are operating in risky ventures, or face unique vulnerabilities not covered by traditional insurers.

One of the most attractive aspects of captive solutions is the ability to tailor the solution and coverage to meet a company’s unique risk exposures, while allowing better control over claims decisions.

Captive development challenges

Developing a captive cyber program is neither cheap nor simple, especially if existing captives are not yet in use. Not only does it require a significant up-front investment, establishing a captive cyber program requires a better understanding of the nature of the risks, infrastructure, expertise, vendor relationships, and management of the incident response process and handling. It takes time and effort to build the necessary processes. cyber claims. Cyber ​​claims differ from other lines of business claims as they are very time sensitive requiring the expertise of experienced professionals.

Cyber ​​claims processing expertise is in high demand and expensive. Finding the most cost-effective top talent can lead to consideration of outsourcing cyber claims processing functions.

Additionally, building relationships with vendors to maximize cost savings and expedite the timing of incident response is critical (another potential source of cost savings). Traditional insurers that cover cyber and third-party managers that specialize in cyber have established relationships and preferred pricing with qualified vendors that the insured can leverage.

Cyber ​​Captive: Is It Right for Your Business?

There is significant interest not only in organizations looking to add existing captives to other lines of business (first and third party), but also in starting captives with the primary purpose of insuring cyber risks. has been submitted.

Cyber ​​billing expertise, vendor partner relationships, and upfront investment – ​​all these factors should be considered when strategizing and building a captive program infrastructure to achieve cost savings for the enterprise. . But time will tell whether captives prove to be a durable, viable and cost-saving alternative to cyber risk.

Shushanie EK Liesinger, ([email protected]), JD, CIPP/US is the team leader and director of operations for the Cyber ​​Practice Group at Gallagher Bassett Specialty. She oversees all operational and billing functions across GB Cyber ​​including practice group standards, best practices, and the development of strategic and tactical approaches to expand the company’s footprint within the rapidly expanding cyber market. leading and directing the

Related:

Trends in lawsuits regarding the scope of cyber insurance coverage for remittance fraud

9 industries with the highest demand for ransomware

Leave a Comment