The need for cyber insurance has reduced drastically as businesses worldwide upgrade their defenses against rising cyber threats, according to a recent report by Howden. Despite an uptick in ransomware attacks, premiums for cyber insurance have declined globally. This shift comes as businesses enhance their cybersecurity measures, mitigating potential losses from cyber incidents. In the wake of the COVID-19 pandemic, cyber insurance premiums surged in 2021 and 2022 due to increased cybercrime activity. However, the latest annual report from Howden reveals a noteworthy decrease in premiums over the past year. The cyber insurance market experienced significant price reductions, reflecting improved security practices and technologies businesses adopt.

The Need for Cyber Insurance Declines

Sarah Neild, Head of UK Cyber Retail at Howden, emphasized the critical role of multifactor authentication (MFA) in safeguarding company data. "MFA is fundamental, akin to locking your door when leaving the house," Neild remarked. She highlighted the multi-layered nature of cybersecurity, noting increased investments in IT security and employee training which have collectively bolstered resilience against cyber threats. Despite the rising frequency of ransomware incidents, the report highlighted a drop in global ransomware attacks following geopolitical events. Nevertheless, recorded ransomware incidents spiked by 18% in the initial months of 2024 compared to the previous year. Ransomware typically involves encrypting data and demanding cryptocurrency payments in exchange for decryption keys. Business interruption remains a significant cost post-attacks; however, businesses are mitigating these costs with robust backup systems, including cloud-based solutions, as outlined in the report.

Firms are Less Likely to Invest in Cyber Insurance

While the United States dominates the cyber insurance market, Europe is expected to witness accelerated growth in the coming years, driven by increasing awareness and adoption among businesses. Smaller firms, despite facing heightened cyber risks, are less likely to invest in cyber insurance due to limited awareness and perceived complexities. Earlier in 2024, Howden introduced a new cyber insurance platform tailored for small and medium-sized enterprises (SMEs). This initiative aims to simplify the process of obtaining comprehensive cyber insurance coverage, crucial for protecting businesses from financial devastation following cyber incidents. The platform, designed for SMEs with revenues up to $250 million, offers streamlined access to up to $6 million in coverage, supported by leading global carriers. Jean Bayon de La Tour, International Head of Cyber at Howden, highlighted the platform's user-friendly interface and rapid quotation process, facilitated by open APIs. This approach ensures that SMEs receive high-quality cyber insurance without the traditional complexities associated with policy procurement. The platform also integrates advanced data analytics tools, including Cyberwrite, to empower businesses with actionable insights pre- and post-policy issuance. Shay Simkin, Global Head of Cyber at Howden, emphasized the platform's role in bridging the cyber insurance gap for SMEs, critical given the growing cyber threats faced by small businesses. Simkin stressed the platform's comprehensive coverage terms, including breach response and enhanced policy wording, aimed at fortifying businesses against cyber threats.

A new survey, "Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders," highlights the impact of cyber insurance on security investments. According to the report, 97% of organizations with a cyber policy enhanced their defenses to comply with insurance requirements. Among these, 76% stated that the improvements helped them qualify for coverage, 67% achieved better pricing, and 30% obtained improved policy terms. The survey, conducted by security company Sophos, also revealed that recovery costs from cyberattacks are outpacing insurance coverage. Only one percent of those that made a claim said that their carrier funded 100% of the costs incurred while remediating the incident.

Cyber Insurance and Cyber Defenses 2024

The most common reason for the policy not paying for the costs in full was because the total bill exceeded the policy limit. According to The State of Ransomware 2024 survey, recovery costs following a ransomware incident increased by 50% over the last year, reaching $2.73 million on average.  “The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner. In our most recent report, for example, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled,” said Chester Wisniewski, director, global Field CTO.   “The fact that 76% of companies invested in cyber defenses to qualify for cyber insurance shows that insurance is forcing organizations to implement some of these essential security measures. It’s making a difference, and it’s having a broader, more positive impact on companies overall. However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy. Companies still need to work on hardening their defenses. A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint, and having cyber insurance doesn’t change that.”  Across the 5,000 IT and cybersecurity leaders surveyed, 99% of companies that improved their defenses for insurance purposes said they had also gained broader security benefits beyond insurance coverage due to their investments, including improved protection, freed IT resources and fewer alerts.  “Investments in cyber defenses appear to have a ripple effect in terms of benefits, unlocking insurance savings that organizations can be diverted into other defenses to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution,” said Wisniewski.  Data for the Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Globe Life disclosed a recent cybersecurity incident that may have resulted in unauthorized access to its consumer and policyholder information. Globe Life is a Texas-based insurance holding company. It offers life, health, and worksite insurance products and services to consumers nationwide through its subsidiaries. The company has over 3,600 employees and also owns several insurance providers like Liberty National, United American and Family Heritage Life. The company had also been accused of shady financial tactics and business operations by short sellers Fuzzy Panda Research and Viceroy Research, allegations the company has denied.

Globe Life Breach Discovery and Containment

According to Globe Life's filing with the SEC, the company had conducted a security review on one of its web portals to discover potential vulnerabilities that may have affected its access permissions and user identity management. The investigation was prompted by a legal inquiry from a state insurance regulator on June 13, 2024. The review revealed that an unauthorized party may have accessed the company's web portal, compromising sensitive customer and policyholder data. The company stated that it had immediately revoked external access to the affected portal upon breach discovery. Globe Life said that at this stage, it believes the security issue is isolated to the one web portal. All other company systems remain fully operational. Globe Life added that it expected minimal impact to its business operations after the take down of the affected web portal. The company has activated its cybersecurity incident response plan and engaged external forensics experts to investigate the breach's scope. In its SEC filing, Globe Life disclosed that the investigation remains ongoing. The full impact and nature of the incident are unclear at the moment.

Incident Comes After Scrutiny Over Business Tactics

The company said it has yet to determine if the breach qualifies as a reportable cybersecurity incident under the SEC's disclosure rules. The disclosure comes amidst increasing scrutiny and financial setbacks suffered by the company. The Texas-based insurer has faced allegations of fraudulent sales tactics and other business and workplace improprieties. The short sellers Fuzzy Panda Research and Viceroy Research had made these allegations public in April 2024. While the company has continued to deny these claims, its share price has dropped by 24% since the publication of the Fuzzy Panda report. The reports claimed that Globe Life and its biggest subsidiary, American Income Life (AIL), had engaged in insurance fraud, framing of policies for dead and fictitious individuals, withdrawal of consumer funds without approval, unfair dismissal, misleading sales tactics and illegal kickbacks. They also alleged that some of AIL's most profitable agents had faced accusations of kidnapping, assault and child grooming from defendants, witnesses and plaintiffs. It remains unclear if the state insurance regulator contact that led to the breach discovery is related to these allegations. Insurers like Globe Life are regulated at the state level rather than federal level. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.