The cyber liability insurance landscape shows no signs of being any less ubiquitous, unpredictable, and perpetually confusing than in previous years, which is why it’s essential to have a comprehensive guide to the trends in the market and what you should know—and anticipate—as we start the new year. All told, there are plenty of aspects for modern businesses to be cognizant of in this evolving insurance landscape. Woodruff Sawyer is pleased to share our new Cyber Looking Ahead Guide for 2023, addressing these concerns.
After two years of volatility, prices finally appear to be normalizing. As described in the Guide, price increases and a downturn in the frequency of ransomware in 2022 have resulted in healthier insurance carrier loss ratios. Still, we will continue to monitor other catalysts, such as the new California Privacy Rights Act (CPRA) and similar legislative proposals in other states, expanded liability for the C-suite, tightened errors and omissions (E&O) capacity for technology companies, and, of course, the war in Ukraine and its continued widespread effects—including the possible use of the war exclusion.
Watch the Cyber Looking Ahead webinar, where Woodruff Sawyer experts offered their insight into the cyber insurance market to help you prepare for what’s coming.
US Cyber Market Update
After two years of price increases, the cyber insurance market is normalizing. Insurance carrier loss ratios are healthier now than they have been in the past few years.
Here are trends that we dive deeper into in the Cyber Looking Ahead Guide:
- Technology E&O capacity remains constrained.
- Carriers will restrict coverage for systemic risk.
- Underwriters continue to focus on security controls.
- Price increases tailed off in Q4 of 2022.
- Self-insured retentions continue to increase.
- Primary limit decreases subsided throughout 2022.
Hot Topics in Cyber Insurance
Cyber risk is continually cited as a top concern for executives and board directors, and rightfully so. The digital transformation that is underway in every industry has led to increased cyber risk.
In this Guide, we cover these topics in depth:
- Aggregation Risk: Aggregation risk (the risk of all your customers suffering a cyber incident and looking to you for recovery) is most prevalent for service providers—particularly those in the technology sector.
- Widespread Event Risk: Widespread event risk is the risk that all companies using a similar piece of technology are affected by the same vulnerability at the same time. There is very little a company can do to prevent being impacted by the widespread vulnerability—but it is impacting their insurance, nonetheless.
- C-Suite Liability for Cyber Incidents: The C-suite is being held accountable for cybersecurity failures at their companies. And while this isn’t a new trend, necessarily, they also face the prospect of personal liability for those same cybersecurity failures.
- The War Exclusion and Nation-State Sponsored Hacking: The Russian invasion of Ukraine in 2022 raised the prospect of the war exclusion being invoked in response to cyberattacks that might spill outside of the intended target in Ukraine. While the war exclusion hasn’t been invoked on a cyber insurance claim to our knowledge, many cyber insurance carriers are raising the issue with the intent of providing clarity around what types of attacks constitute an act of war.
- Privacy Issues: The California Privacy Rights Act (CPRA) goes into effect on January 1, 2023. While the CPRA maintains the private right of action against companies that suffer a data breach, it also increases the likelihood of penalties for violations of the law.
Underwriters Say Cyber Risk is Increasing
Woodruff Sawyer is in conversation with insurance carriers every day. For the Guide, we surveyed insurance carriers with whom we place cyber insurance around the world—from domestic carriers to Lloyd’s syndicates to startup MGAs.
We asked questions regarding the current risk environment, risk appetite, and future pricing expectations. The results illuminate the expectations of underwriters for 2023. Here are a few key takeaways.
|Cyber risk will increase in 2023|
|Ransomware is the number one threat|
|Companies should be more aware of their cyber risk|
|Companies should focus on strengthening their cyber security|
|Cyber insurance premiums will decrease slightly|
|Self-insured retentions will stay the same|
|Cyber policy coverage will contract slightly|
Our Experts Address Your Questions About Cyber Concerns
In the Guide, we address some key questions concerning cyber liability, including:
- What do companies need to know about the SEC’s proposed cyber rules?
- How should companies with deficient network security approach the market to attract capacity and broad coverage at competitive rates?
- Why is it sometimes easier for non-tech companies to get cyber insurance?
- Do fintech companies have different cyber risks, and how does this affect insurance?
- How has the hardened cyber market affected captive utilization in this area? What should you expect going forward?
Learning more about the market can give you a better understanding of cyber insurance pricing and coverage for 2023. Read the full Guide below and attend our webinar for additional insights.
Woodruff Sawyer’s Annual State of the Economy Update is presented by Nasdaq’s Chief Economist Phil Mackintosh and Head of New Listings Jack Cassel, in conversation with Woodruff Sawyer’s Priya Huskins.