2021 has seen several high profile corporate cyber-attacks on businesses. Whilst these are a relatively new threat to businesses around the globe, these major attacks can represent value destruction for a company with the ripple effect being felt across the supply chain. Whether it’s a pause in business activity or a negative impact on reputation, the repercussions can be felt for months to come.
Cyber-attacks have a hugely adverse impact across the supply chain, with exposure from breaches such as ransomware attacks having significant ramifications as well as being complex to resolve. This problem is not one that is going away, instead it is growing with ransom demands increasing in recent years for example CNA Financial, one of the largest US insurance companies, paid out $40 million in March 2021.
Cyber insurance: the state of play
Cyber insurance has become an important form of protection to businesses and the increased frequency and severity of incidents is driving up cyber insurance premiums across the globe. With more incidents of cyber-attacks, more companies are forced to make more frequent and greater claims against their cyber insurance policies.
At Proxima, we have seen this first-hand as our clients are facing increased premiums at renewal, ranging from 40% to 85% for the same level of cover when comparing 2020 to 2021. Another trend which poses risks to businesses is that we are seeing more and more insurers not writing new business or taking on additional increases. It is vital that businesses understand the steps that must be taken to mitigate cyber risk, cover themselves against attacks and ultimately protect their business interests.
The cyber insurance market has grown significantly as the need for protection against cyber threats increases. We expect demand for cyber insurance to continue to increase over next 12 to 24 months. We’ll also see insurance companies conducting enhanced cybersecurity risk analysis of companies seeking to purchase or renew policies as they seek a greater understanding of the emerging risks that they are insuring clients against.
Action for your business
But what does this mean for your business? Ultimately, it’s about being more prepared for cyber-attacks. It is vital that businesses not only have appropriate provisions and levels of cyber insurance coverage but also are confident that their suppliers also have appropriate levels of cyber coverage agreed in contracts and MSA contracts and agreements. This is coupled with additional investment into cyber security software and staff training, because after all it is human behaviour that can often represent the most significant vulnerability when it comes to cyber-attacks.
If that wasn’t enough, we can also expect cyber insurance renewals and requests for new coverage to be more difficult this year. At Proxima, we have seen that insurers have denied requests for greater level of coverage in renewals. Inaction is not an option for business as the changing landscape will not only result in stricter indemnity limitations, but also refusals to fully pay out on claims and even denial of coverage.
The role of procurement
Collaboration internally is key, ensuring that organisations have appropriate provisions and level of coverage and that this extends to suppliers which access the organisation’s data. Increasing insurance costs and scrutiny at renewals also means that procurement teams have an opportunity to play a vital role in facilitating between brokers and insurers, and their organisations risk and IT security teams. Cross department discussions work to enable brokers and insurers to gain a better understanding of the cyber risk within an organisation and the cyber risk management procedures that are in place. More and more a quantitative approach will be needed to measure and communicate client risk to support negotiations and this should be seen as a key role for Procurement.
By demonstrating how your business is working to manage risk and improve cyber risk management considering the increasing and ever-changing cyber threat, a business gives themselves the best chance of getting the best coverage at the best cost. If an insurer has a better understanding of the actual risk associated with an organisation, there is increased confidence. The Procurement team is key as it has the ability to demonstrate a client’s investment in cyber security software to brokers and insurers, which ultimately helps the business in key conversations.
Click here to read why investment in cyber-security has become today’s most crucial business objective.