Premiums for stand-alone cyber insurance rose by 62% in 2022 following a 91% increase in the prior year, according to a recent report by Fitch Ratings.
The deceleration was driven by a moderation of ransomware incidents, a heightened level of cyber risk awareness among corporate executives, and more strict enforcement of cyber hygiene standards by insurance companies, according to Fitch.
“You will likely see rates decelerate further,” Gerald Glombicki, a senior director in Fitch Ratings insurance group, said in an interview.
With ransomware attacks, criminals use malicious software to prevent companies from accessing their own computer files, systems or networks, and they demand ransom payments to have access restored. Such attacks can also involve threats to leak sensitive data to the public internet.
Ransomware purveyors extorted about $456.8 million from victims in 2022, down from $765.6 million the year before, according to blockchain analysis firm Chainalysis.
Experts say insurance companies’ demand for stronger cybersecurity practices from policyholders contributed toward fewer ransomware claims and decelerating premiums in 2022.
Recent research from Marsh McLennan shows that companies that implement security best practices — including multifactor authentication and endpoint detection and response — are less likely to suffer damage from an attack.
Still, insurers warn that ransomware remains a pervasive and evolving threat.
“If your conclusion is that the threat is getting better because premiums are going down, you’re going to put yourself in a bad spot in the face of a continuously escalating threat,” Allison Pan, senior vice president of emerging risks at insurance broker Marsh, previously told CFO Dive. “The bottom line is that the sheer threat has not gone down.”