The world of cybercrime is expanding at an alarming rate, becoming a lucrative and low-risk venture for criminals. Cybercrime is projected to become the third-largest economy globally, making it a golden era for cybercriminals. Naturally, cyber insurers do not want to be the ones footing the bill.
Regulatory Challenges and the Rise of Cyber Insurance
Despite increasing regulations aimed at curbing cybercrime, these measures often lack the necessary enforcement power and expertise to keep pace with the evolving skills and technologies of malicious actors. The lucrative nature of cybercrime means there's substantial investment in improving criminal outcomes.
This situation has a ripple effect on organizations striving to protect themselves in a world where hackers are increasingly successful at accessing valuable data. In response, in 2010s we saw a surge in insurance companies offering cyber insurance as a safeguard against these digital threats. A few years ago, this was a relatively safe bet for insurers, as hacking, while present, was not as sophisticated or widespread as it is today.
The Changing Landscape of Cyber Insurance
Now the insurers are taking some steps back from their earlier posture. A recent article in Fortune highlighted that Lloyd’s will no longer cover state-backed cyber attacks under their policies from March 31, 2023. This development is significant as insurance companies, including Lloyd’s, are in the business of taking calculated risks. They aim to collect substantial premiums without having to pay out large sums in the future. This change will likely lead to a reassessment of actuarial data, resulting in higher premiums and stricter requirements for demonstrating due diligence to insurers.
The Future of Cyber Insurance
The enforcement of due diligence requires the establishment of fair criteria, such as certification requirements, regulations, and trackable procedures. Given that we're dealing with the digital health of systems, the trend is that insurers are starting see the opportunities to offer cybersecurity assurance services, focusing on prevention. This should include early warning systems, vulnerability discovery and management systems, and other proven effective measures.
For those in the mitigation space, now is an opportune time to collaborate with insurers. As cybercrime continues to rise, so too will the demand for cyber insurance, making it a critical component in the fight against digital threats.