This year has once again shown the domino effect that follows a crisis and the impact it has on businesses, from increasing rates to Russia's invasion of Ukraine. As we enter a new year, there are numerous lessons to be learned.
If we consider the conflict in Ukraine, the geopolitical situation led to sanctions against Russian-based companies, sharp increases in operational and energy costs, interruptions in supply chains, significant financial losses for companies around the world, and greater vulnerability to cyberattacks.
Businesses currently operate in a period of increased vulnerability to cyberattacks, with rising anxiety around cyberwarfare and information security systems. This is particularly true in industries that support crucial UK infrastructures such as aviation, transport, IT and telecoms and finance.
According to a City A.M survey of businesses, 79% of respondents across all industries had been the victim of a cyberattack this year, with 50% of those attacks resulting in a loss of data or money. These attacks have the potential to completely destroy businesses, resulting in data breaches, serious disruptions to regular business operations, lost revenue, and enormous financial expenses to investigate and restore systems.
The biggest shift in 2022 has been that absolutely no one is protected because hackers are increasingly targeting industries that were once considered classic "targets," such as finance. The pandemic's impact on the retention of work-from-home habits is one factor contributing to this rise.
In addition to making security more difficult to manage across more devices, locations, and communications platforms, remote working increased vulnerability and exposure to cyberattacks at the same time when hacker activity was sharply on the rise.
Since businesses are aware of this, cyber insurance is a crucial line of defense, despite its shortcomings. According to the poll, 77% of businesses believe their insurance protects them, at least in part, against the risk of cyberattacks. This is a significant improvement over the results of our previous survey from 2018, which indicated that only 30% of large enterprises have cyber-specific insurance.
However, there are concerns over the value and cost of this insurance. The price of cyber insurance has skyrocketed while the level of security offered has frequently been significantly diminished at a time when corporations are more vulnerable to cyberattacks and can least afford downtime.
Many policies now have more extensive exclusions, more limited definitions of coverage, and less incident response help available. Some forms of insurance, such as those covering ransomware or the expenses of their own IT interruption, may be outright inaccessible to the most susceptible firms. This poses severe concerns about the business insurance model since it makes protection considerably more difficult to obtain just when it is most required.
The environment is challenging for organizations attempting to defend themselves against cyber assaults. Researchers are observing rates rising and coverage declining, signs of a "hard market" in the insurance sector that has now lasted the longest on record and been prolonged by the current state of economic uncertainty. Following a high increase of 102% year over year in the first quarter, UK cyber insurance pricing climbed by 66% in the third quarter of 2022, according to Marsh's insurance pricing index. With an average premium cost that is already four times what it was in 2018, it is increasing much more quickly in the UK than in any other market.
Businesses are then forced to choose between investing in IT security and purchasing insurance coverage in case that security fails, which forces them to make difficult financial decisions. Insurance has a critical role to play in protecting organizations from unforeseen or unprotectable disasters and in promoting best practices in proactive security and incident response. This shouldn't be an either/or choice.
The insurance industry's response has been characterized by price increases ahead of projected losses, rather than taking action to assist businesses around the UK confronting an ever-increasing cyber threat. Instead, insurance companies should have a deeper comprehension of their clients' risk and offer assistance as a last choice.
With 2023 just around the corner and the possibility of cyberattacks becoming more and more common, businesses may find themselves in a difficult situation as they rush to find the best defense. Since cyber risk is not going away anytime soon, insurers need to prevent a situation where prohibitively expensive and inadequate coverage helps push enterprises even closer to the precipice.