How about some cyber insurance stats? Thanks to listener Steve, I was tipped off to the NetDiligence 2021 Annual Cyber Claims Study. 99% of the claims reviewed were “Small to Medium Enterprises”, although that’s defined as less than $2 billion in revenue.
In 2021, more than 46% of companies are opting to obtain cyber insurance coverage, and they’re finding their premiums have skyrocketed because loss ratios for standalone cyber insurance have risen to 73%.
Since 2016, the proportion of claims caused by criminal activities has ranged from a high of 83% to a low of 69%. The proportion of claims caused by non-criminal activities decreased from 28% in 2019 to 17% in 2020.
And this observation: “There is no clear correlation between the size of an entity and the magnitude of a cyber-related loss. Sometimes a smaller organization will experience a very expensive claim (>$100M) and a large organization will have a claim so small (less than $5,000) that it makes one wonder why the claim was filed in the first place. In fact, the most expensive incident during the five-year period occurred at an SME. “
Why do we care?
The granularity of the data – two billion is not small, by my definition – makes some of the claims of little difference between big and small of questionable merit… but then again, if this is the way the industry is measured, does it matter what I think?
So, roughly three-quarters of incidents are criminally based. Or one quarter is non-criminal. Both views have some merit.
My big takeaway here remains the 73% increase in loss ratios. That’s unsustainable, so expect premiums to continue to go up… and the barrier to entry to come right along with it.