Cyber insurance premiums drop despite rising ransomware attacks. Businesses improve security, and insurers see the opportunity.
Broker Howden said in a report on Monday that cyber insurance premiums are falling globally as businesses become more adept at curbing their losses from cyber crime, even as ransomware attacks are rising.
Insurance premiums to protect companies against cyber-attacks rocketed in 2021 and 2022 as the COVID-19 pandemic drove cyber incidents.
However, premiums have been dropping in the past year, according to the annual Howden report. Howden said the cyber insurance market saw double-digit price reductions in 2023/24.
Added security, such as multifactor authentication, has helped to protect companies’ data, reducing insurance claims.
“MFA is the most basic thing you can do; it’s like locking the door when you leave the house,” said Sarah Neild, head of UK cyber retail at Howden.
“Cyber security is a many-layered beast,” Neild added, pointing to greater investment in IT security, including staff training.
“On the whole, clients are more robust.”
Neild said insurers’ greater appetite for offering cyber insurance also leads to price decreases, even with attacks rising.
Global ransomware attacks fell following Russia’s invasion of Ukraine in February 2022, as hackers in those countries focused on the military effort.
However, the report said that recorded ransomware incidents rose 18% in the first five months of 2024 compared with a year earlier.
Ransomware encrypts data. Typically, hackers offer a passcode to victims of an attack, enabling them to retrieve the data in return for cryptocurrency payments.
The report said business interruption is usually the biggest cost following a cyber attack, but businesses can reduce those costs with better backup systems, such as using cloud providers.
Also Read: Enhancing Security Operations with AI-driven SOC Insights
Most cyber insurance business is in the United States. Still, growth in the $15 billion global cyber insurance market will likely be fastest in Europe in the next few years, given the current lower penetration levels, the report said.
The report added that smaller firms are less likely to buy cyber insurance, partly because they are less aware of cyber risk.