Cyber insurance caught in “perfect storm” as losses surge: Coalition Canada

By Melissa Shin | September 7, 2021 | Last updated on October 30, 2024
3 min read
Risk averse. Vector of a businessman with umbrella resisting protecting himself from falling arrows as a symbol of unfavorable business environment

Correction: This article has been corrected to reflect that Coalition Canada has not sub-limited its ransomware coverage. We regret the error.

The cyber insurance industry is battling “a perfect storm between widespread technology risk, increased regulations, increased criminal activity and carriers retracting coverage,” a Canadian cyber insurance provider has said.

“If the events of the past year are any indication, cyber risk is set to become the defining risk of our age,” George Bozanin, managing partner and head of business development for Coalition Insurance Canada, told Canadian Underwriter.

“In Canada, we are beginning to see cyber and privacy liability capacity constraints as losses have increased and carriers are beginning to increase their underwriting scrutiny,” Bozanin said. “Given the dramatic shift to work-from-home and the monetization of cyberattacks, underwriting considerations carriers could rely on from just a few years ago have essentially become irrelevant and outdated.”

Until recently, most carriers covered ransomware at full limits; however, the increased frequency and severity of such attacks have resulted in some carriers applying co-insurance and sub-limits on a widespread basis, Bozanin said.

While other firms have sub-limited their ransomware coverage, added co-insurance to policies or added exclusions for end-of-life software, Bozanin said that Coalition has not employed any of these tactics.

Ransomware losses at all-time high

Bozanin said the average ransom demand made to Coalition’s policyholders in the first half of 2021 was a staggering $1.2 million.

“That’s a large price to pay for any organization, and is a nearly 170% increase from the average demand in the same period last year,” he said.

Attack techniques have become increasingly sophisticated and more automated, which has enabled criminals to extort ever-growing amounts from organizations, especially smaller businesses that have become “attractive targets.”

Ransomware remains the most lucrative cybercriminal activity and main driver of the hardening market, Bozanin said, although threats of email compromise, social engineering and funds-transfer fraud are still “very much present.”

“While threats continue to evolve, we believe that ransom demands have likely hit their highest levels and will flatten as there is little additional leverage for criminals to gain beyond taking an organization’s operations hostage.”

Claims surge in certain sectors

While no industry has been able to escape the effects of cyberattacks, Coalition’s 2021 Claims Report shows notable increases for specific industries in the past year.

From H1 2020 through H1 2021, Coalition saw an increase in claims frequency of 263% for industrial business, 99% for the manufacturing industry, 53% for professional services, 46% for IT and 30% for nonprofits.

Brokers still struggling to sell

The hardening market and increased capacity constraints are concerning for brokers, with many brokers having an “increasingly difficult time placing cyber coverage, particularly for challenging accounts that require specialized underwriting or security improvements before they would qualify for coverage,” Bozanin said.

“As other markets have pulled back coverage and increased prices, we still see opportunities for cyber insurance buyers who are proactively managing risk to access better coverage and more attractive pricing,” he said.

Coalition has continued providing coverages thanks to its launch of value-add services and software products to help manage cyber threats, like pre-breach services, employee training, incident response planning, compliance assistance and IT security services, Bozanin concluded.

 

Feature image by iStock.com/Feodora Chiosea

Melissa Shin