Part Five: Reviewing Key U.S. Insurance Decisions, Trends, & Developments | Hinshaw & Culbertson – Insights for Insurers

Cyber Security And Privacy Insurance Claims

This is the fifth installment of our series of articles reviewing some of the key trends and developments currently impacting the U.S. insurance industry.

To date, the vast majority of cyber coverage decisions have involved traditional first-party, third-party, and crime/fraud policies. Claims under these policies are commonly referred to as silent cyber claims. Most insurers in the cyber-insurance market have now issued several iterations of cyber-specific policies. Rulings under these policies are expected to be rendered with increasing frequency over the next couple of years.

  • Indeed, cyber-insurers experienced a steep increase in claims over the past couple of years, driven primarily by ransomware, often coupled with data extraction and business email compromise events. The costs associated with ransomware claims, in particular, have risen dramatically due to increased ransom demands, threats to disclose extracted data, and related business interruption costs. The pandemic-driven massive shift to remote work spurred additional cyber claims activity. As a result, industry leaders are anticipating a hardening of the cyber-insurance market, as well as increased premiums and underwriting scrutiny.
  • Zurich and Advisen’s 11th Annual Information Security and Cyber Risk Management Survey was released in October 2021.[1] Among the interesting finding, 83% of respondents now buy cyber insurance, with 66% carrying stand-a-lone cyber policies.[2] The survey concluded that triple-digit premium increases, vanishing capacity, shrinking coverage, and shifted expectations around baseline controls have joined long-term frustrations over inconsistent policy language to create a truly challenging renewal process for insurance buyers. Uncertainties around risk assessment and incident response are major concerns.[3]
  • According to the survey, ransomware has risen to the top of priority lists worldwide. For the first time, cyber extortion/ransomware has pulled even with data breach, with 95 percent of respondents selecting it as a cover­age they expect to be included in their policies.[4] It was followed by data restoration at 90 percent, business…