Cyber ​​insurance premiums are falling, Howden insurance brokers report finds

Increased corporate cybersecurity awareness has led to a 15% drop in global cyber insurance premiums over the past two years. New report from Howden Insurance Brokers This remains the case despite cyber threats, especially ransomware attacks, becoming increasingly common.

Since 2022, awareness of cyber hygiene practices such as multi-factor authentication, EDR, and cloud backup has increased significantly.

Ransomware attacks have increased 18% this year, according to Howden and NCC Group, but effective risk controls have reduced the need for companies to pay ransoms. However, after a brief decline in 2022, recovery costs are now starting to rise again.

As the COVID-19 pandemic forced businesses to hastily shift to remote work, insurance premiums soared in 2021 and 2022. Threat actors actively exploited new network vulnerabilities caused by the use of personal devices, increased access points, and loss of centralized data control, leading to more claims.

Sarah Neild, head of UK online retail at Howden, explained why cyber insurance costs have fallen. “Increased awareness of risk due to continued high-profile attacks is one reason,” she told TechRepublic in an email.

“Insurance companies are requiring businesses to meet minimum hygiene standards in order to be covered, which is also having a major impact. As a result, there are fewer claims and insurance premiums are cheaper.

Neild added: “While the company has shouldered a considerable investment burden, it has helped inject much-needed resilience into policyholders. This is paying dividends as they navigate a rapidly changing threat environment.”

Howden’s data also shows that the number of indirect claims from third parties unintentionally targeted in cyber incidents is on average lower than direct claims, further suggesting that companies are effectively managing risk and mitigating losses.

The report noted that as more insurers offer cyber insurance policies, competition among insurers is also increasing, helping to lower prices for customers.

“The favorable situation will continue until 2024, as cyber insurance costs will continue to fall despite continued attacks, increased geopolitical instability and the spread of artificial BroadCast Unitedligence,” Neild said in a report. Press release.

“The market has never experienced the current combination of conditions: an intensified threat landscape combined with a stable insurance market underpinned by strong risk controls.”

The Howden report also found that demand for cyber insurance in Europe is likely to grow in the coming years. Penetration in the region is currently low, but awareness of cyber risks and strategic security investments are rising. Small and medium-sized organizations are also an underserved market.

Neild said she expects low prices to persist. However, prices are unlikely to fall further. “The current dynamics — supply and demand, strong competition, etc. — suggest that buyers will continue to benefit from favorable conditions,” she told TechRepublic. “Increased capacity and recent strong market performance suggest that insurance costs are commensurate with loss costs.”

“Nevertheless, we have seen some moderation in price declines, particularly in the healthcare sector, following high-profile attacks in the first half of 2024. As a result, we expect market conditions to stabilize from now on and reach a landing point that offers attractive long-term options for buyers and operators.”

Why cyber insurance is becoming increasingly important for businesses

Cyber ​​insurance can help businesses absorb the costs of a successful cyberattack or the penalties incurred for violating increasingly stringent compliance regulations. Losses per incident rise to $4.45 million in 2023IBM said that was partly because it took longer to investigate the breach.

A Splunk report released last month found that the top cause of unplanned downtime at the world’s largest companies is Human Error in CybersecurityFor example, clicking on a phishing link. Downtime costs them $400 billion per year, about 9% of their profits.

Downtime caused by cybersecurity incidents results in direct financial losses, including lost revenue, regulatory fines, and overtime pay for employees who correct the issues. The report also reveals hidden costs that take longer to have an impact, such as reduced shareholder value, stagnant developer productivity, and damaged reputation.

In addition to the rising costs associated with cyberattacks, they are also becoming more successful. In April, a Kaspersky study found that the number of devices infected with data-stealing malware had risen by 1.3% year-on-year. Increased sevenfold Between 2020 and 2023. Last month, insurance broker Marsh revealed that they had received More than 1,800 cyber claims from North American customers In 2023, that number hit an all-time high as businesses were hit by ransomware.

look: 87% of UK businesses unprepared for cyberattacks

Still, there is evidence that companies are strengthening their defenses against cyberattacks. According to a 2024 report from Mandiant, the average dwell time (the amount of time an attacker can remain undetected in a target environment) for organizations worldwide is From 16 days in 2022 to 10 days in 2023 It is currently at its lowest point in more than a decade.