Looking Ahead: Cyber Liability Insurance Concerns in 2024

The cyber insurance market dramatically shifted from 2022 to 2023. A perfect storm of positive trends and facts combined to create a soft cyber insurance market. These include higher pricing after a two-year hard market, reduced claim experience due to a lull in ransomware throughout 2022, and improved cybersecurity controls at the insured company level driven by insurance underwriting mandates.

Many of Woodruff Sawyer’s cyber insurance clients saw decreases in the cost of their insurance throughout 2023—58% of clients in the first half of the year and 65% in the second half. In our Cyber Looking Ahead Guide for 2024, we share key insurance market themes that emerged throughout the past year, as well as our predictions for this year.

To learn more, watch the Cyber Looking Ahead webinar on demand. Woodruff Sawyer experts offer their insight into the cyber insurance market to help you prepare for what’s coming

Here are the trends we examine in the Cyber Looking Ahead Guide.

• War Exclusion: Many carriers launched revised language this past year—spurred by a mandate from Lloyd’s of London to its syndicates.
• Ransomware: By the end of the year, ransom claims had risen to 2021 levels, the highest year of ransom claims on record.
• The SEC’s Cyber Rules: We share what you need to know about the new cyber disclosure rules.
• Coverage Restrictions for Systemic Risk and Privacy Violations: Pixel tracking claims were concentrated in the healthcare space in 2023, but we predict more activity outside healthcare in 2024.
• Privacy Violations: We explore recent litigation and ways to protect your company from similar lawsuits.
• Cybersecurity Controls: Client investments in maturing their cybersecurity controls are starting to pay off on the insurance side.

Hot Topics in Cyber Insurance

We also dive into some of the issues that are expected to affect cyber risk and insurance.

Warfare: In modern warfare, cyberattacks are part of a nation-state’s offensive arsenal. The current wars in Ukraine and Gaza bring the prospect of an attack spilling outside of intended targets and impacting the broader private sector into real focus. We explain what war exclusion means for cyber insurance policyholders and how the potential inclusion of ransomware cybercrime groups in the federal sanctions list affects ransom payments.

SEC Regulations: The new requirement to disclose material incidents within four days of discovery will be a dramatic shift for those required to comply. The SEC regulations also put the role of chief information security officer (CISO) in the spotlight.

AI’s Impact: Inherently, AI won’t change cyber risk. But it may exacerbate the severity of a problem when it arises. This impact will increase the importance of making an informed choice using data science and analytics when purchasing cyber insurance.

Technology Supply Chain: The payoff for attackers is clear: Breaching a single, widely used technology vendor can provide access to high volumes of potential targets. When you add in the fact that many companies don’t patch systems promptly, the effects of these breaches can be felt for years.

Privacy Risks: Thirteen states, including Texas, now have state privacy laws on the books. While the focus was on healthcare companies in 2023, we expect more privacy lawsuits to be filed in other industries, such as retail and financial services, in 2024.

Underwriters Predict Higher Risk, Ranking Ransomware as the Biggest Cyber Threat

At Woodruff Sawyer, we engage in daily conversations with insurance carriers to gain a deeper understanding of their perspectives. In our annual survey of cyber insurance carriers, we sought underwriter perspectives on the current risk environment, their risk appetite, and future pricing expectations.

Although ransomware remains the most significant threat for underwriters, our survey reveals privacy violations and data breaches have gained prominence compared to last year.

Here are a few key takeaways from the survey:

• 56% of underwriters believe cyber risk will increase significantly in 2024.
• 63% of underwriters ranked ransomware as the number one threat.
• 81% of underwriters believe cyber insurance premiums will increase slightly.
• 69% of underwriters expect self-insured retentions to stay the same.
• 75% of respondents believe cyber policy coverage will remain the same.

Our Experts Address Your Concerns

In the Looking Ahead Guide, our team of professionals answers critical questions from our clients regarding cyber insurance pricing and coverage for 2024.

• How have companies been responding to the SEC’s cyber disclosure rules?
• How can analytics help companies make better decisions about their cyber risk and insurance?
• How can CISOs protect themselves from the bankrupting cost of litigation?
• Will cyber-physical damage coverage continue to become more limited?

As the cyber insurance market continues to evolve, the industry faces new and serious risks. Companies must understand these changing risks and adjust accordingly. Learning more about the market can give you a better understanding of cyber insurance pricing and coverage for 2024. Read the full Guide below.

Want more insights? Watch the Cyber Looking Ahead webinar on demand.