Cyber insurance: The number of cyber attacks rose rapidly during the pandemic - ransomware is a particularly high risk. Private individuals as well as public institutions or hospitals are victims of the extortionate software, which releases previously encrypted, often sensitive information only in return for a ransom.
Accordingly, the demand for cyber insurance is increasing, but at the same time the loss rate for insurers is increasing. René Schoenauer, Director Product Marketing EMEA at Guidewire Software, on how the insurance industry can cope with these developments in 2021.
More gateways for attacks
By relocating work to the home office, the attack surface of companies has increased significantly. Because employees are dependent on personal devices, which are often poorly protected against cyber attacks, and VPN access to company networks. Corporate networks have expanded beyond their external firewalls more than ever and have become more vulnerable.
Already at the end of 2019, Guidewire observed an increase in vulnerabilities in gateways and VPN networks - the challenging conditions that followed in 2020 did the rest. Ever more sophisticated and partly AI-supported tactics also make defense more difficult.
Underwriting for cyber risk is difficult
With this rise in attacks, so has the demand for cyber insurance and the levels of coverage, which is actually positive news for insurers. But underwriting in the cyber area is also increasingly challenging. Just three years ago, the line of business was profitable with claims ratios of only ten to 15 percent, but the extent of the damages caused this ratio to rise to almost 2019 percent in 50. This year it is far higher, with some insurers even over 100 percent.
In light of the unfavorable and deteriorating risk landscape, insurers have become more cautious - and some big names have already pulled out of this line of business entirely.
2021: trend continues, but brings opportunities
In 2021, ongoing teleworking and technologies such as 5G will further enlarge the attack surface of companies and thus further exacerbate the situation. But there is also good news for insurers: companies have never been more aware of how important protection against cyberattacks is for them.
In addition, the expected threats are largely known, largely avoidable and do not require any extraordinary security measures on the part of the company. For example, improving employee behavior is more in the foreground than technical skills.
Success through knowledge of attack tactics
Another positive aspect for the insurance industry: major advances in data analysis in recent years have made it possible to carry out a precise risk assessment so that insurers can adapt their portfolios to the changing risk landscape.
For underwriters with the right tools, the changes bring a real opportunity to prevail against the competition. The key is tools that monitor and assess cyber security standards behavior indicators to streamline underwriting. For example, the fluctuation of an IT security team, the patching rate for software and the availability of unused services are meaningful indicators of whether a company has its cybersecurity under control. Insurers who can tap into this data with the help of behavioral analysis will have a more nuanced understanding of the risk in their portfolios.
Ransomware remains a threat
Nonetheless, ransomware remains a constant threat for another reason. Blackmailers are demanding ever larger sums because companies comply with criminals' demands and pay the ransom. Because these payments can even be insured under certain circumstances, including payments in cryptocurrencies. Therefore, sooner or later it will be inevitable for government authorities and regulators to take countermeasures in order to slow down this vicious circle. It is conceivable to restrict the use of crypto currencies to settle the claims or to make the coverage of ransom payments for ransomware possible or to prohibit only under certain conditions. In response, cyber criminals will adapt their attack methods. It is therefore imperative to keep an eye on and understand these risks at all times. This is the only way insurers can turn these challenges into opportunities.
More on Guidewire.com
About Guidewire
Guidewire is the platform property and casualty insurers rely on to interact with everyone involved in the insurance lifecycle, drive innovation and grow profitably. We combine digital solutions, core systems, analytics and AI to offer our platform as a cloud service. More than 400 insurers - from start-ups to the largest and most complex insurance companies in the world - use Guidewire software solutions.
As a partner to our customers, we are constantly developing to support their success. We are delighted with our unique track record of implementations, with over 1.000 successful projects - supported by the largest research and development team and partner ecosystem in the industry. Our marketplace offers hundreds of applications to accelerate integration, localization and innovation.