The Evolving Cyber Risk Landscape
As technology continues to advance, cyber risk remains a top exposure for companies of all sizes. The increasing reliance on connected technology and cloud services has created a complex risk environment where system failures can have far-reaching consequences. Despite these challenges, the insurance industry is adapting to meet the evolving needs of businesses.
Persistent Threats: Ransomware and Business Email Compromise
Ransomware and business email compromise continue to be significant threats in the cyber landscape. The hybrid working model, coupled with the increased use of cloud sharing, file sharing, and video conferencing tools, has introduced potential vulnerabilities if cybersecurity measures are inadequate. According to the Cyber Infrastructure Security Agency (CISA), 90% of successful ransomware attacks in the US begin with phishing attacks, which can lead to severe consequences including data loss, financial damage, and reputational harm.
Employee training is crucial in mitigating these risks. Employees need to be able to recognize fraudulent emails and understand their role in protecting their company. “Taking the time to train employees is vital because phishing scams can harm individuals and companies in many ways,” said Siobhan O’Brien, head of cyber insurance, MSIG USA.
The Impact of Non-Malicious Events
The increasing interconnectivity of systems means that even non-malicious events can have significant disruptions. The CrowdStrike outage of 2024 demonstrated this vulnerability when a flawed software update caused widespread system failures affecting multiple industries globally. Cyber policies vary in their response to such unintentional failures, highlighting the need for clarity in coverage terms and conditions.
Artificial Intelligence: A Double-Edged Sword
The emerging capabilities of artificial intelligence (AI) present both opportunities and challenges for cybersecurity. While AI can enhance threat detection and response, it also introduces new potential entry points for cybercriminals and raises questions about liability in AI-driven decision-making. “AI can be very positive from a cybersecurity perspective… but it can also be negative, allowing for an increased frequency of attacks on companies,” O’Brien noted.
The Cyber Insurance Market’s Response
The US cyber insurance market remains robust, with increasing demand for policies and available capacity for both primary and excess positions. Insurers are focusing on good risk selection, seeking clients with strong cybersecurity measures such as multi-factor authentication and regular software updates. “Insurers want to understand the security posture of the company… and ultimately their capability to recover from an incident,” O’Brien explained.
Characteristics of Top Cyber Insurers
New entrants like MSIG USA are bringing fresh perspectives to the cyber insurance market. With the backing of a 350-year-old company and a global presence across 40+ regions, MSIG USA is positioning itself to provide comprehensive cyber insurance strategies. The company is assembling a team with deep expertise and partnering with vendors to enhance claims handling capabilities.
As the cyber risk landscape continues to evolve, businesses and insurers will need to maintain a collaborative approach to identify vulnerabilities, strengthen risk mitigation strategies, and clarify coverage terms. By working together, they can better navigate the complex challenges posed by emerging technologies and cyber threats.
