The Evolving Cyber Landscape and Insurance Adaptation
As technology continues to advance, cyber exposures are evolving at an unprecedented rate. Businesses and their insurers must collaborate closely to enhance security measures, refine coverage, and stay ahead of emerging risks. Cyber risk remains a significant threat to companies of all sizes in our increasingly connected, technology-dependent world. The opportunities for system failure continue to multiply, with far-reaching consequences.
Persistent Threats: Ransomware and Business Email Compromise
“Ransomware and business email compromise remain significant threats,” said Siobhan O’Brien, head of cyber insurance at MSIG USA. The increased use of technology, particularly in hybrid work environments with cloud sharing, file sharing, and video conferencing tools, presents potential vulnerabilities if cybersecurity measures are inadequate. According to the Cyber Infrastructure Security Agency (CISA), 90% of successful ransomware attacks in the US begin with phishing attacks, allowing malicious actors to plant malware within an organization’s system.
The consequences of such attacks can be severe, putting sensitive data, customer information, intellectual property, and revenue at risk. Not all companies have the financial resilience to survive the resulting downtime, loss of income, and reputational damage. Employee training is crucial in mitigating this risk. Employees must be able to recognize fraudulent emails and understand their role in protecting the company.
“Taking the time to train employees is vital because phishing scams can harm individuals and companies in many ways,” O’Brien emphasized. Phishing training emails and videos, though seemingly simple, highlight the importance of vigilance. Employees must comprehend the implications of clicking on malicious links to prevent harm to the company and ensure its survival.
Vulnerability to Non-Malicious Events
Increasing interconnectivity and reliance on cloud services mean that outages can disrupt millions of businesses. The 2024 CrowdStrike outage exemplifies this vulnerability. A flawed software update caused a system failure affecting Windows users worldwide, impacting various industries including airlines, airports, hotels, healthcare, financial services, and emergency services. Such disruptions have the potential to bring the global economy to a halt.
Cyber policies vary in their response to these unintentional failures. “The biggest headline event in the cyber world last year was a non-malicious event, which some risk models didn’t anticipate,” O’Brien noted. Some policies responded positively to such incidents, while others excluded coverage. Purchasers of cyber insurance will likely seek clarification on policy intent regarding non-malicious events without limitations.
For insureds, this underscores the importance of maintaining up-to-date technology systems and having backup processes in place. It also highlights the unpredictability of cyber risk. Insurers, brokers, and clients must work together to identify vulnerabilities, strengthen risk mitigation strategies, and clarify coverage terms and conditions.
The Double-Edged Sword of Artificial Intelligence
Emerging AI capabilities have both positive and negative potential for insurers and insureds. “AI can be very positive from a cybersecurity perspective, enabling better protection through enhanced threat detection and rapid response,” O’Brien said. “However, it can also be negative, allowing for an increased frequency of attacks on companies.” New technologies often bring both benefits and challenges, making it essential to find the right balance.
Companies can employ AI to streamline processes, reduce human error, boost efficiency, and cut costs. However, AI platforms also represent another potential entry point for cybercriminals. Perpetrators can utilize AI to commit fraud, leveraging “deepfake” technology to execute social engineering schemes. There are also broader questions around liability when it comes to decisions made based on AI-driven algorithms.
The Evolving Cyber Insurance Market
The US cyber insurance market is currently robust, with ample capacity available for both primary and excess positions. The number of cyber insurance policies being purchased is increasing year over year, according to the 2024 NAIC Report on the Cyber Insurance Market. “According to recent reports from global insurance and reinsurance brokers, the cyber market experienced single-digit decreases in pricing in Q4 in the US,” O’Brien reported.
Good risk selection remains critical, with insurers seeking clients who have strong cybersecurity measures in place. These include strong passwords, regular software updates, thorough employee training, and multi-factor authentication. Insurers want to understand a company’s security posture, data encryption practices, utilization of multi-factor authentication, firewall strength, and capability to recover from incidents.
Characteristics of a Top Cyber Insurer
As a new entrant in the cyber insurance market, MSIG USA brings a fresh perspective without legacy issues. “We have the robust infrastructure and financial strength of a 350-year-old company behind us, while our team is equipped with the expertise and capabilities to innovate and respond to clients’ cyber needs,” O’Brien said. This supports the collaborative partnership necessary to address cyber risk exposures.
MSIG USA is assembling a team with deep expertise and a holistic view of clients’ risks across all insurance lines. In claims handling, they are partnering with vendors to enhance their in-house capabilities and respond rapidly to clients’ needs. With a presence in 40+ regions and countries globally, MSIG USA is poised to provide comprehensive strategies that protect clients and help them achieve their goals in today’s technology-driven world.
