ACSC hosts 2nd Annual Cyber Insurance Market Briefing
Background:
What has changed for you and your cyber insurance policy in the past year? Over the last year ACSC members have seen rates and retentions rise while changes to provisions like “Act of War” have reduced coverage. That’s why we invited the cyber insurance experts to dive into a conversation with our members on current market trends along with broker and underwriter perspectives. This well-attended session drew participants from the CISO and Legal Counsel Networks along with some ACSC Board Members. Cyber insurance continues to be a place where members value the market perspective and appreciate insights from their peers.
The experts:
Lauren Crean, Managing Director, Head of Corporate Insurance, State Street
Meredith Schnur, Managing Director, US and Canada Cyber Brokerage Leader, March USA
Key takeaways from the session:
- The cyber insurance market isn’t softening, but the continued rise in prices is slowing. While you should still expect higher premiums year-over-year, the rate of increase has plateaued since the peak of 2021 as carriers continue to understand the risk and introduce new strategies based on ransomware controls and accumulation risk.
- Organizations are being asked to provide more sensitive information as underwriters assess processes and procedures to better understand strategic risk.
- Customers are re-evaluating limit and retention levels to adjust to the firm market conditions.
- Ransomware and extortion incidents reported on data leak sites continue to be high; and large data breaches in recent years continue to exhibit potential for substantial financial impacts and loss.
- Ripple events are a concern and a topic of much discussion in this space. A systemic ripple event is when a single issue, incident or event impacts many organizations at once.
- Two common challenges seen in incidents stem from 1) organizations understanding larger security concepts – like the principle of least privilege – but not how often it is compromised in specific processes, and 2) underestimate the combination of the threat landscape and a vulnerability becoming targets of opportunity.