RWS_Q4_23

Admit it, cyber insurance probably isn’t at the top of the list of things you want to talk about. Premiums are skyrocketing. Insurance companies are making it harder and harder to qualify. There’s ever more paperwork. And the attacks that make cyber insurance an absolute necessity for your MSP business, as well as your clients, keep ratcheting up. It’s enough to make any technology business owner want to tear their hair out. So, is there any end in sight? The short answer is yes, the experts say. The cyber insurance market will stabilize … eventually. But we’re probably in for a rough couple of years before that happens. In the meantime, here’s what you need to know to get a handle on cyber insurance in your MSP. Insurance Oversold First, a bit of backstory to understand how we got to this place: insurance companies made some mistakes. In 2018 and 2019, insurance carriers seemed to be channeling Oprah Winfrey’s famous car giveaway, said Wes Spencer, vice president and channel chief for cyber insurance broker FifthWall Solutions. “All the carriers were like, you get insurance, you get insurance, you get insurance.” The thinking was that cybercrime was something for big targets such as banks to worry about, not smaller businesses. Chris Wilkerson, vice president of risk and head of insurance at Blackpoint Cyber, agreed that insurance carriers saw cyber insurance as a massive opportunity to generate revenue, and so they sold as much of it as they could. “It became a bit of a free-for-all to aggregate premium,” he said. The problem is that the carriers didn’t yet have enough data to price cyber insurance properly so the strategy was to sell as much of it as possible and hope for the best. In 2020, that strategy blew up in their faces. “COVID was one of the things that really pushed this up into the stratosphere,” said Spencer. “We see a volume of attacks going up and the cost of those attacks going up.” Loss ratios – how much an insurance company pays out versus how much they’re offering – jumped to more than 75 percent. For context, a 10 percent loss ratio is considered good. In other words, the insurance companies started taking a bath on cyber policies. Rising premiums are therefore a sign of insurance companies trying to match their cost to the risk. As long as the risk of cyber attacks remains high, cyber insurance will continue to get more expensive. But there are positive signs that we’ll hit a leveling off point in the next couple of years. “The carriers are pushing more maturity onto clients and forcing them to do more,” said Spencer. As companies get their cyber security protocols tuned up, the risk of becoming a victim to cyber attacks goes down. That means fewer insurance claims, which brings loss ratios down for the insurance carriers. Spencer estimates that if the industry can get cyber loss ratios down to 35 or 40 percent, the cost of insurance might stabilize. Wilkerson also sees the industry trending toward stability. “Once we normalize, we [will] probably have What MSPs Should Know About Cyber Insurance By Jennifer Tribe SECURITY CYBER 21 REMOTE WORK SOLUTIONS rwsmagazine.com

RkJQdWJsaXNoZXIy NTg4Njc=