How Ransomware Threats and Regulatory Pressures are Driving Cyber (Re)insurance Sales

It’s been reported many times that regulatory pressure is the biggest factor driving investment in cyber security and the UK is undertaking a review for 2020. This study suggests it’s also driving insurance sales…:

What is motivating cyber (re)insurance sales? Guy Carpenter’s Cyber Year in Brief and 2020 Outlook explores how the threat of ransomware and associated high costs of regulatory actions have driven clients to purchase cyber insurance cover for the first time, or to reassess the adequacy of currently purchased limits.

Factors driving cyber insurance sales on the direct side include: 

• Swelling regulatory pressure driving cyber risk awareness at a governance level. The California Consumer Privacy Act (CCPA) represents one of the toughest data privacy laws in the United States. The CCPA, which took effect in January 2020, requires companies that store large amounts of personal information to disclose the types of data collected and to allow consumers to opt out of having their data sold. Taking a cue from California’s playbook, many other states have introduced their own consumer privacy and data security laws.

• An increase in the frequency and severity of ransomware attacks for businesses across a wide spectrum of industries, geographies and revenues.

• A push for clarification of cyber cover under non-traditional policies, with the goal of eliminating silent cyber uncertainty. This is driving the purchase of standalone cyber insurance as clients realize their traditional policies may not give them the coverage they assumed they had.

• Seamless interconnectivity between digital and traditionally non-digital environments is increasing, highlighting the inherent vulnerabilities of The Internet of Things and operational technology.

• A lack of dedicated resources and a growing awareness of the criticality of getting back up and running following an attack are increasing the realization among clients and small- and medium-sized enterprises of the need for breach response services.


Original article here