A Year in Review: Key Trends Shaping Cyber Insurance in 2024

October 25, 2024

In 2024, the cyber insurance sector saw growth and increased competition. This change helped lower the premium increases that had happened in previous years. The average rate increase fell to 1.6% in the latest quarter, down from 20% a year ago. Risk carriers have a better understanding of price changes and underwriting practices based on their experiences between 2020 and 2022, partly due to contention from new market entrants. As a result, some insurers are now offering better terms, including lower premiums, reduced retentions, and sub-limits for policyholders.

However, as competition rises, so does the number of challenges, particularly for industries vulnerable to intrusions. For example, healthcare, government, and critical infrastructure experience higher liability with increasing complexities. The following sections outline the economies most exposed to threats and how private and public enterprises must adapt as the situation develops.

Reassessing Healthcare Insurance in the Face of Cyber Risks

The healthcare field is vulnerable because it uses fully computerized systems to manage sensitive patient data. While many clinics continue integrating their facilities with information technology help and digital solutions, hackers are attracted to valuable details they could take advantage of through malware. According to the Health IT Security 2024 forecast, ransomware will keep posing a massive threat in 2025, with cybercriminals ruining entire systems, possibly paralyzing them. 

Such intrusions can severely damage healthcare operations. The aftermath is not to be taken lightly; it can disrupt emergency departments, cause patient diversions, and worsen health outcomes, especially in already stressed hospitals. Many institutions cannot afford any unexpected downtime or interruptions, making them easy targets for hackers. As healthcare becomes more digital and relies on technology, the vulnerabilities also grow immensely. This makes it crucial for insurance underwriters to rethink their risk assessment and rating criteria for the healthcare sector.

Nation-State Cyber Threats Disrupting Energy and Utilities

Nation-state data breaches have increasingly targeted critical infrastructure in 2024, with more frequency and variations. Russia, China, and Iran have shown they can carry out attacks beyond superficial damage to their targets and have strategic consequences. It is assumed that these state-sponsored actors persistently aim for the infrastructure in industries most crucial to a country’s economic and safety protocols, such as energy, water, telecommunication, and transport systems.

The consequences are severe. Terrorist strikes on essential resources can disrupt electrical services and other utilities, cause significant financial losses, and threaten national security. Cutting off the energy or water supply could devastate people and the economy. Insurers must consider these increased risks when creating coverage and premium rates for these important domains.

Kyivstar and Ukrainian Banks Hit by Russian Cyber Attack

In 2023, Russian cyber actors attacked Ukraine’s largest mobile operator, Kyivstar, for three days. This infiltration interrupted services for 24 million customers. It is a clear example of how a nation-state infiltration can disrupt critical communication infrastructure. The incident not only cut off people’s mobile communications but also increased the risk of air strikes for millions of Ukrainians who lost access to vital warning signals. 

Additionally, Ukrainian banks, such as PrivatBank and Oschadbank, which provide ATM and card services, were also affected. This incident shows national cyber threat groups can cause significant operational and financial problems for government and private organizations.

Iranian Hackers Manipulate Water Systems with Exploited Software

Iranian hackers have also been acting in CTI space, and in 2023, they attacked US water utilities. A group linked to the Iranian government hacked into Israeli-made software that controls water systems. They exploited public-facing programmable logic controller manufacturing companies with poor default parameters, such as default passwords, to gain entry and manipulate and interfere with water systems in Pennsylvania. This interference not only hampered services but also conveyed a political sign where the assailants said: “Every piece of equipment ‘Made in Israel’ is a legal target.”

Insurers need a way to assess an organization’s risk based on how likely it is to be affected by technologies with known security weaknesses, like software developed in Israel. This information can help insurers identify trends in vulnerabilities within their portfolios and create a clearer picture of the potential losses from serious cyberattacks.

Risks from China and the Need for Targeted Insurance Coverage

China has also shifted up the scale of its virtual activities, primarily because of the transformation of its operations to sabotage areas relevant to Taiwan’s defense system. While the threats to the United States and Europe have not yet resulted in difficult attacks, Chinese hackers are improving their skills to target critical industrial systems and infrastructure in the future.

These operations need an insurance tool that assesses each domain’s exposure, including telecommunications, energy, oil and gas, and manufacturing sectors, potentially exposed to Chinese aggressors. By evaluating dangers to communication and Internet infrastructure, coverage providers can estimate losses from attacks on supply chains and services that are significant for national security and the world economy.

Advanced Risk Tools Help Insurers Navigate Growing Digital Hazards

Given the increasing frequency of incursions from state-sponsored hackers, related work demanded that the policy issuers incorporate more sophisticated products that include risk models. The capacity to evaluate and simulate catastrophic occurrences – including potential terrorist strikes on specified infrastructures and general contamination by malware – is going to significantly influence the capability of insurers to compete and correctly price policies in the new environment. State-of-the-art protection software will allow them to understand these threats and their potential consequences more comprehensively and make more informed decisions about the digital hazards they face in the increasingly hostile environment that has emerged.

Ultimately, NIST-Aligned Cyber Policies Are Crucial for Insurers

The cyber insurance market in 2024 is shaped by increased rivalry, refined underwriting data, and a better understanding of digital dangers. This intensity in the arena enables coverage providers to offer improved premiums, but policyholders must enhance their precautions. As a relatively new domain, policy issuers are evolving contingency models to tackle severe cyber incidents, utilizing sophisticated AI and analytics.

Risk management firms focus on industries such as healthcare and critical infrastructure, requiring proof of effective IT security measures to secure favorable premium rates. Policies that align with the NIST framework are likely to attract better deals.

As the sector expands and demand for lower premiums grows, players in the field must remain vigilant about vulnerability selection and underwriting amidst rising data breaches. Continuously enhancing exposure models and adapting to new trends is essential for navigating this complex landscape.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later