Cyber Liability Landscape in 2020
Cyber, Property & Casualty
Derek Laczniak
Senior Client ExecutivePartner
Cyber threats continued to evolve in 2019 – as did cyber protection and the importance of cyber liability insurance. As a leader in your organization, it’s imperative that you stay on top of current trends in this space to keep your business, your employees, and your customers protected.
2019 Facts & Figures:
- Reporting of cyber security crimes and incidents remains low, estimated at only 10% by the FBI.
- Ransomware payment costs exceeded $7.5B in the United States in 2019
- Cyber Liability Carriers report loss ratios to exceed 100% in 2019
- Three largest data breaches of 2019: Capital One, Zynga, First American Data Breach
What to Watch for in 2020:
- Cyber law will be rewritten to align with European standards. This shift will provide more consumer protection at the state level, and increase frequency of investigations and penalties. Some legislation will target specific industries (such as the Insurance Data Security Law directed at the insurance space), while others will rewrite outdated laws which place the burden of security on individual organizations in the spirit of consumer protection. Ultimately, organizations of all shapes and sizes will carry the exposure of consumer data and how it is managed, or face stiff consequences from regulators.
- Underwriting of cyber liability will include increased scrutiny of high exposure industries. Since 2010, cyber liability insurance has grown rapidly, with demand nearly reaching capacity year in and year out. Insurance carriers were quick to enter the market utilizing “copycat” policy language that was already available, but underwriting of organizations was an afterthought and loss ratios remained profitably low. 2019’s losses generated a need for a more stringent underwriting process centered on the cyber security structure and initiatives of organizations. In 2020, high exposure industries (public entities, healthcare, financial institutions) and organizations with larger limits will face more scrutiny.
- Ransomware is still a significant threat. Five years ago, bad actors were fixated on opportunities to steal large troves of private or financial information. Today’s ransomware has introduced opportunity to a much larger field of bad actors who are armed with software that can be dispatched as easily as attaching a picture to an email. This unique combination of ease of entry and high rewards has led to a triple digit increase in frequency of ransomware attacks.
- Cyber liability insurance remains competitive across the global marketplace – but the winds may be changing. The global market is still ripe with capacity, but it remains difficult for insurance carriers to get the rate they would like as a result of 2019’s losses. Many insurance carriers hope that the threats they saw in 2019 will be addressed by organizations through increased security measures. In the meantime, expect that insurance carriers will look to increase rate for accounts that are not at risk, or where premium is small enough to be hidden. New cyber liability buyers will still find plentiful options when pursuing coverage.
- Your data is still your data in the cloud. One of the perceived advantages of migration to cloud based storage is the expectation that the cloud’s security is better than what you can achieve on your own. However, most customers have very little protection against cloud breaches. Typical contracts include one sided indemnification and a failure to communicate with customers in the event of a security incident. Work with your insurance advisor to review contracts and protect your organization.
- Outlook users should be aware of compromising convenience over security Microsoft Office 365 has become the standard for email management within organizations. However, with its tools and convenience comes security concerns and vulnerabilities. Users need to be mindful of the use of Outlook Web Access, as it allows users to log into business email from any web connected computer. Your organization can configure Outlook, oftentimes for free, to force enhanced logging. This small step remains critical for the investigation of data compromises.
- Multi-factor authentication will emerge as the standard. Providers have emerged to offer dual authentication at low costs and make access to this critical tool available to the masses. Bad actors use vulnerabilities to infiltrate inboxes within organizations that have responsibilities for financial transactions inducing third parties to re-route payments to foreign bank accounts. Using multi-factor authentication can eliminate most email-based attacks which continue to rise in the cyber liability landscape.
2020 is shaping up to be another important year for cyber liability. With your customers’ data on the line, it’s vital that you stay current on the cyber landscape and put the proper procedures, policies, and best practices in place for protection.