The cyber headlines worth questioning

When we talk about cyber claims frequency, we are referring to the percentage of policyholders who have experienced a claim divided by the overall policy count. And contrary to the headlines, our claims team actually didn’t notice a significant increase in the frequency of cyber claims during the height of Covid.

However, what Covid did do is increase businesses’ awareness of digital exposure as they shifted to a remote working environment, demonstrate that their largest asset is often their intangible assets, and show them that cyber insurance exists as an effective method of risk transfer. In turn, this drove more businesses to buy cyber than ever before.

And with more policies, there was a natural rise in claims, though this was proportionate to the overall policy count.

Remote Desktop Protocol, or RDP, allows users the ability to connect to a remote PC or server over the internet or on a local network.

RDP ports serve as the digital doors and windows to a business and if these aren’t secured properly, it can allow hackers system access and leave organisations vulnerable to attack. However, this is only one method to get into a network, and while open RDP ports were a popular infiltration method for a time, the tactics used by cybercriminals are constantly evolving.

During the last six to twelve months, we’ve been seeing a much higher number of claims stemming from undetected software vulnerabilities, which proves that it will take a multi-pronged approach to solving the ransomware pandemic and there isn’t a simple enough solution as just closing an RDP port to become secure. The threat landscape is constantly shifting, and clients and insurers need to evolve security practices and expectations with it.

You’ve likely seen companies promoting security reports that can perform external scans on a business. While it can certainly be helpful when discussing cyber insurance with a client, it’s important to stress that these scans don’t provide a complete picture.

The reality is that the vast majority of a business’s infrastructure and exposure lies on the inside of their networks. If surface scanning reports are solely relied on to show a company how vulnerable they are, they can do more harm than good if a company believes they are an accurate assessment without further analysis. While external scans of a client’s vulnerabilities provide insight into what criminals can easily detect from the outside, they unfortunately can lead to a number of false positives and work against the business.

Reports like these should only be used to supplement an insurer’s existing claims data which is a proven measure of what exposures are happening to clients in real time. A good cyber insurance provider will be able to offer deep scanning services and continuous monitoring throughout the policy term, not just at the stage of quoting.

A lot of headlines have been touting specific percentage increases to cyber rates as the claims environment becomes more severe. Not only do these figures get out of date quickly, but the reality is that renewal pricing is no longer a fair enough indicator of what the price should be for the new exposures faced.

In truth, the goal post is constantly changing when it comes to how rate responds to the claims environment and this depends on a number of factors, from systemic risk to which industries are being targeted to what new methods attackers are using to make money.

As we speak to clients about cyber rates, it’s important to understand that insurers aren’t just remediating against prior losses – they’re future-proofing against the latest security threat trends in order to protect the integrity and longevity of the line.

Unfortunately, past performance is not a predictor of future threats and rate response needs to be as dynamic as the cyber threat landscape.