Can your organization survive an uninsured Ransomware event?

February 03, 2021

If you’re not prepared, your renewal might not include this critical coverage.

Every year we say the cyber insurance market is evolving. While it sounds redundant, it remains true. Years ago, the priority of a Cyber policy was to insure data privacy liability, provide crisis management expenses and meet regulatory requirements when a breach occurred. The threat landscape has evolved, and the quickest way for bad actors to monetize their efforts is to lock up your computer system and demand a ransom for the decryption key. In the last 8-12 months, Ransomware has exploded in the cyber insurance market. The increased frequency and severity of ransom demands have become unsustainable, and the market is taking action to correct this problem.

Like the rest of the insurance market, we are seeing drastic changes in cyber insurance coverage placements. Carriers are making quick and extreme seven-figure payments on a daily and weekly basis. Given the time sensitivity of ransomware events, claims are being paid immediately. This contrasts with other casualty insurance products, where claim payments are delayed, allowing the carrier to fully adjust the claim, negotiate with third-party claimants, hold onto premiums and make investment income. This is why carriers claim there is a radical need for change.

As of January 2021, we have begun to see many Cyber insurance carriers implement the following approaches in their underwriting strategies:

  1. Portfolio Rate Need – At the start of 2020 carriers were noting a 5-10% rate need across their portfolio. As of January 2021, we can expect minimum rate increases of 20-50%, with the possibility of rates continuing to climb. This rate need is in addition to any premium increase due to revenue growth.
  2. Individual Account Scrutiny – Previously most carriers required only an application to provide terms. Carriers are expanding their underwriting analysis review to include ransomware supplemental questionnaires, underwriting calls with the Client, and third-party external network scans to identify vulnerabilities, open ports, and software use. Based on the outcome of the additional underwriting we are seeing:
    1. New Exclusions – While cyber coverage has continued to become more expansive over the last decade, carriers have begun to take a hard stance on placements, invoking ransomware exclusions, exclusions related to claims resulting from lack of Multifactor Authentication (MFA) or from Remote Desktop Protocol (RDP), or even exclusions for claims related to large-scale hacks with systemic impact.
    2. Coinsurance – In an effort to share the risk exposure, carriers are requiring shared participation of a loss payment, anywhere from 25-50%. This coinsurance is in addition to the applicable retention that must be paid by an Insured.
    3. Changes to Policy Structure – As carriers continue to increase the scrutiny applied in the underwriting process, carriers are not only taking action in the premium charged but also making changes to the policy structure. Carriers are implementing increased minimum retentions, reducing the amount of limits offered and shrinking sublimits to reduce their financial exposure.
    4. Declinations – As the carriers continue to tighten their risk appetite, they are being more selective regarding the accounts in their portfolio. This has resulted in declinations on new business opportunities and non-renewal of long-term accounts if controls such as Multifactor Authentication, Encryption, Backups, or Business Continuity Plans are not in place and actively tested.

So what does this mean for Cyber Insurance policyholders? Long gone are the days when we could expect easy renewals with flat pricing and broad terms and conditions. Clients must be proactive in strengthening their organization’s cyber hygiene. With the help of your Graham Service Team, we encourage you to:

  1. Engage your IT Department with Graham Company to review previous applications and cyber controls.
  2. Utilize your Cyber Policy risk management services that are provided as part of the policy to show a desire to improve your cybersecurity posture.
  3. Complete Graham’s ransomware supplemental questionnaire to identify areas of improvement.

A member of your Graham Service Team will be reaching out in the coming weeks to share Graham’s Cyber Questionnaire and continue to assist you with your cyber risk management needs.

Not being prepared for your Cyber insurance renewal could lead to reductions in limits, premium increases, exclusionary language on your policy, or, worse, being left uninsured for cyber incidents. Graham wants to proactively work with you to Prepare and Prevent potential cyber-related underwriting issues by recommending that you involve the appropriate personnel from your Information Technology Department well in advance of the next renewal of your Cyber Insurance.