Most Insurers Mandate MFA, But Premiums Are Still Soaring

US cyber-insurers are increasing premiums and lowering coverage limits despite mandating stricter security controls as a pre-requisite for coverage, according to a new report.

The US Cyber Market Outlook from wholesale insurance broker Risk Placement Services warns that providers have been “battered” by higher-than-anticipated recent losses and are now generally charging much more for less coverage.

“Over the past year, we’ve seen the challenges of the COVID-19 pandemic and increasing frequency and severity of ransomware attacks put pressure on the US cyber liability market,” said RPS national cyber practice leader Steve Robinson.

“While this market dynamic developed quickly, within a matter of months, longstanding underwriting issues in this market, as well what had been a growing mismatch between exposures and underwriting, helped to create the current situation and the imbalance between coverage supply and demand.” 

Sectors hit hard over the past year, including education, government, healthcare, construction and manufacturing, have seen premiums increase by 300% or more at renewal time. This is even if corporate policyholders have the right set of security controls in place.

Such controls are becoming increasingly widespread, according to RPS. Multi-factor authentication (MFA) is now described as a “must-have” to even qualify for coverage.

Insurers are finding other ways to reduce their risk of losses, the report claimed.

“Insurance companies are incorporating the same scanning technology used by hackers into their own underwriting process. This allows them to assess an organization’s perimeter security and also develop a metric-based estimate for a potential cyber-attack,” it claimed.

“These scanning tools can be used to identify unused, vulnerable open ports that could provide a bad actor with a network entry point.”

The RPS findings are backed by other research this year. A Government Accountability Office (GAO) study from May claimed that take-up of cyber-specific insurance policies had doubled to around half (47%) in 2020, but that successful attacks had also led to rising premiums and reduced coverage limits for some.

What’s Hot on Infosecurity Magazine?