With over three decades of expertise in the Life Insurance sector, I've come to realize there's nothing more vital for safeguarding your business than cybersecurity. Whether you're a financial advisor, an insurance agent, a broker-dealer, or a principal of a brokerage agency, a single cyberattack could devastate your business. Adopting a Zero Trust approach is essential. Moreover, cybersecurity is crucial for meeting regulatory and compliance obligations. I urge you to conduct audits on your network and website. I'm here to assist you in securing a complimentary audit. Now, let's delve into some key insights on cyber insurance, compliance, and security.

The global cyber insurance market tripled in volume in the last five years, expanding to gross direct premiums of around $13 billion in 2022, according to the Swiss Re Institute (SRI). In two years, the market has seen rate increases and re-underwriting to restore profitability. Swiss Re Institute expects premiums to grow to $23 billion by 2025.  

There has been a surge in submissions. Over the last half-decade, there has been notable maturity in this sector. With access to comprehensive data and accumulated experience, insurers now have a more refined framework for assessing and pricing cyber risks.

However, recent industry reports highlight some concerning areas. Loss ratios are on the rise, cyber insurance limits are shrinking, and coverage terms are becoming more restrictive, all impacting insurers' efforts to manage their risk exposure effectively.

Given the evolving cyber landscape, insurers continuously recalibrate strategies. They maintain rigorous underwriting practices, emphasizing the importance of advanced cyber hygiene. Consequently, coverage terms are closely aligned with an organization's level of preparedness. Establishing a strong Cybersecurity Program is one of the first steps towards meeting insurance and regulatory demands. A Cyber Program Management System like Buckler can fast-track policy management and compliance. While there was a decline in claims and ransomware incidents in 2022, there was a resurgence in 2023. In the United States alone, ransomware events spiked by 75% within the first six months of the year, according to a report by Malwarebytes Inc. Even with this as a driver, enterprises and agencies often wait to see fines and enforcement from regulators before taking action themselves. Swift changes are happening with the SEC’s new cyber rules, coverage restrictions for systemic risk and privacy violations and increased expectations for cybersecurity. 

Certain industries, such as financial services, professional services, technology, and healthcare are particularly susceptible to cyber threats with high volumes of private data. These sectors, along with their associated supply chains, face high, or extremely high, levels of risk. Consequently, many organizations in these sectors are turning to specialized solutions offered by insurance brokers, carriers, and solution providers to better manage and mitigate risks effectively.

Three Significant Trends Shaping the Cyber Insurance Industry

1. Increased Security Requirements

As cyber threats become more sophisticated, insurers take a more proactive approach to risk management by implementing stringent security standards for their clients. This trend is evident in the growing prevalence of detailed security questionnaires that insurers require businesses to complete as part of the insurance application process.

Businesses seeking cyber insurance must be prepared to provide comprehensive information about their cybersecurity posture and demonstrate adherence to industry best practices and cyber regulations.

HIGHLIGHT: In regions where rates rose, the trend was for a slower pace of increase. Insurers continued to focus on cybersecurity controls, typically looking for year-over-year improvements. (March 2024 Global Insurance Market Index)

2. Increased Scrutiny During the Claims Process

In the event of a cyber breach, insurers will often conduct thorough investigations to determine whether the insured party complied with the security requirements outlined in their insurance policy. Insurers may deploy teams of experts to assess the insured party's cybersecurity practices and verify their compliance with the terms of the policy.

If the insured party is found to be non-compliant with the security requirements, the insurer may deny the claim, leaving the business responsible for covering the costs of the cyber breach. This trend underscores the importance of maintaining robust cybersecurity measures and regularly reviewing and updating security protocols to ensure compliance with insurance requirements.

HIGHLIGHT: It’s also not unusual for cyber insurance claims to get rejected. This is usually either on account of exclusions or poor cybersecurity hygiene on the part of the insured. Estimates from Marsh’s Global Insurance Market Index suggest that around 27% of cyber insurance claims were not honored or were partially paid due to exclusions within the cyber cover.

3. Rising Premiums

As cyber threats continue to evolve and breaches become more frequent and costly, insurers are adjusting their pricing models to reflect the heightened risk environment. This trend is particularly pronounced for businesses in high-risk industries or those with a history of cyber breaches, like the financial services industry.

Businesses should be prepared for the possibility of higher cyber insurance premiums and factor these costs into their overall risk management strategy. Investing in proactive cybersecurity measures and demonstrating a commitment to risk mitigation may help businesses negotiate more favorable premium rates with insurers.

HIGHLIGHT: The cost of Cyber Insurance in the 2nd quarter of 2022 rose to 79% in the US. Marsh’s Global Insurance Market Index. While premium costs fell by 6% in the third quarter of 2023 compared with the same quarter in 2022, ransomware- and privacy-related claims had already skyrocketed from the previous year, according to risk management consultancy Marsh. (Dark Reading)

The cyber insurance landscape is evolving rapidly. Insurers are implementing stricter security requirements, increasing scrutiny during the claims process, and raising premiums to reflect the growing cyber risk landscape. To effectively navigate these trends, businesses must prioritize cybersecurity investments, maintain compliance with insurer requirements, and proactively manage cyber risks. By staying informed about emerging trends and working closely with experienced solution providers, businesses can protect themselves against the financial impact of cyber incidents to ensure their long-term resilience in an increasingly digital world.

Sample industry solutions that can remove or mitigate risk for stronger cyber insurance alignment are:

• Buckler: A cyber program management system with built-in regulatory compliance and evidence proof for easier program management and communication across teams, leadership, and boards.

• Open VRM: A (zero-cost) vendor risk management (VRM) platform that can be leveraged by clients and their vendors to save time and resources managing vendor risk.

• FCI: An MSSP delivering zero-trust integrated, automated cybersecurity solutions that fill control gaps across endpoints, networks, applications, and users.

The Congressional Conference is a NAIFA members' best opportunity to experience the power of grassroots advocacy first-hand in our nation's capital. Attendees really do make a difference on behalf of their businesses, clients, and communities. Networking allows them to be inspired and share ideas with politically involved colleagues. Training, policy briefings, and expert speakers give them the knowledge and guidance they need to be effective advocates. Meetings with lawmakers allow NAIFA members to speak with a unified voice and forge meaningful relationships with people whose decisions impact the financial security of every American.

If you, as a NAIFA leader, are not registered to attend the Congressional Conference May 20-21, please sign up today. Also, be sure to spread the word. The more people who attend, the louder and more influential our voice. Let's represent NAIFA, NAIFA-Texas and our clients!

NAIFA-Texas members, mark your calendars for April 11th at 11:00 AM Central (12 pm Eastern) for the Q2 State of NAIFA webinar. Learn about the latest on NAIFA’s progress, advocacy efforts, and how you can get the most out of your membership.

This 30-minute webinar will feature insights from Tom Cothron, NAIFA President, Kevin Mayeux, NAIFA CEO, and Diane Boyle, NAIFA SVP of Government Relations. They'll provide a comprehensive update on NAIFA's current position, our advocacy work, and  NAIFA programs aimed at supporting your professional development.

Attending is key to staying informed about the latest NAIFA initiatives and understanding how these efforts contribute to the financial services profession. If you're unable to join live, simply register for the event, and national will send you the recording to ensure you don’t miss out on this valuable webinar.

This webinar represents an important opportunity for all members to engage directly with NAIFA's leadership, to gain insights into our collective progress, and to see how together, we're shaping the future of our industry. 

The quarterly State of NAIFA reports demonstrate NAIFA's commitment to transparency. They are also a great way for leaders and members to stay abreast of everything going on with their association. The online event is open to anyone interested in NAIFA's success, so please invite members and nonmembers, alike.

Awards applications are starting to roll in for 2024. Don't miss your opportunity to shine! We are pleased to announce a new category for the NAIFA Quality Award. We have launched an Emeritus category for members who are at least 60 years old and who have previously qualified for NQA for a minimum of 15 years.

NAIFA's awards provide an opportunity for our members to differentiate themselves from the crowd and receive national recognition for their contributions. All awards are found in NAIFA's Talent Development Center.

All of the awards will close their application/nomination process on May 31, 2024. Please note the slightly shortened time frame of the awards' window due to the Belong Awards Celebration being held in conjunction with Apex 24. 

Recipients will be recognized during the 2024 Belong Awards Celebration on September 21, 2024, during Apex at the Arizona Biltmore in Phoenix.

Explore these awards and learn more about our 2023 recipients.

John Newton Russell Memorial Award

Terry Headley Lifetime Defender Award

NAIFA Quality Award

Advisor Today's 4 Under 40 Nomination

YAT Leader of the Year

Diversity Champion