Cyber insurance market must get ready for cyber attacks, says Marsh

With 84% of large businesses having reportedly suffered a cyber attack in 2023, the question has changed from ‘if’ to ‘when’ an attack occurs.

The first quarter of 2024 marked a pivotal period in the UK cyber insurance market, characterised by a “buyer-friendly” environment driven by excess capacity and heightened competition among insurers, according to Marsh’s latest report on UK cyber trends.

The broker delves into survey results relating to rate trends, cyber resilience strategies and the implications of artificial intelligence (AI) on cyber risks and insurance claims.

Buyers are happy

In the first quarter of 2024 there was a significant shift in the UK cyber insurance market towards much more positive conditions for buyers, and increased competition among insurers, driven by surplus capacity, resulted in double-digit rate decreases; Marsh’s larger UK clients experienced an average rate drop of 12 percent compared to Q1 2023.

However, despite such a buyer-friendly environment and rate reductions, significant ransomware and privacy losses were reported as cyber threats continued.

A UK Government survey carried out in winter 2023/24 highlighted that 50 percent of all businesses and 84 percent of large businesses had experienced cybersecurity breaches or attacks in the past year.

Time to strengthen the human factor

As cyber threats remain pervasive and become more sophisticated, the focus within the insurance industry has therefore shifted from “if” to “when” an attack occurs, requiring robust cyber resilience strategies across supply chains and industries and more focus on sharing knowledge.

Human error continues to be a pivotal factor in cyber incidents, accentuating the need for companies to educate their employees on cybersecurity and, in particular, recognising phishing attempts.

Marsh’s report encourages proactive risk mitigation such as employee training programmes, paying attention to upcoming regulations and incident response planning.

Companies are urged to ensure their incident response plans have been crafted right down to the last detail, and regularly tested to guarantee swift and effective action in the event of a cyber attack as actions taken within the first 24 to 48 hours are crucial in containing incidents and maintaining business continuity.

Emerging AI-driven cyber risks

In the last few years technology has integrated into and facilitated business operations at an unprecedented speed, but this in turn has expanded the exposed attack areas, making robust cyber resilience strategies indispensable.

AI can be regarded as a double-edged sword in the realm of cybersecurity: it offers significant opportunities to enhance cybersecurity measures, but it also presents new risks.

Cybercriminals are increasingly leveraging AI to automate and facilitate attacks, with generative AI models such as ChatGPT enabling more sophisticated social engineering tactics, such as deep fake scams.

Marsh’s report highlights the growing threat of AI-driven cyber attacks, citing a recent deep fake scam resulting in a fraudulent payment running into tens of millions of pounds.

Heightened awareness and advanced security measures are urgently needed to counteract cyber threats which are anticipated to continue rising in frequency and increasing in sophistication.

On the flip side, AI is being harnessed to bolster cybersecurity defences, and AI-powered tools are enhancing the detection and prevention of phishing scams, thereby reducing the risk of malware attacks.

However, it’s not always straightforward to adopt AI because corporate liability and insurance coverage must be re-evaluated.

For businesses integrating AI into their operations, the potential for unexpected liabilities increases, making it crucial for insurers to have regular conversations with their insureds in order to adapt their policies to address each added risk.

The cyber risk landscape remains complex and organisations will have to prioritise cyber resilience to stay in business.

The entrance of AI into both sides of the cyber war has highlighted the need for adaptive strategies and continuously updated policies.

For reinsurance leaders, understanding the changing dynamics of the cyber landscape is crucial to ensure comprehensive risk management solutions that are able to evolve with the threats.

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.

Already registered?

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk

More on this story

Insurance

Cyber insurance market: what’s worrying insurers?

20 May 2024 For the second year running, the US cyber insurance market has generated strong direct underwriting profits, but written premium volume has stalled amid renewed pricing pressure, according to industry reports.

Insurance

Privacy and data protection have big impact on US cyber insurance market, says Kynd survey

20 May 2024 Value-added services voted top driver for cyber insurance.

Risk Management

More visibility needed across cyber portfolio, says Kynd survey

20 May 2024 Big plans in the pipeline to expand cyber expertise.