Why are cyber premiums 'going gangbusters'?

'Carriers were not prepared' for ransomware-as-a-service

Tom Allen
clock • 3 min read

Five years ago carriers thought of cyber insurance as “stealing candy from babies” - but they were totally unprepared for how the market has changed.

Wes Spencer and a slide about the recent history of cyber insurance

How did we get here?

So what happened? How did we get to an insurance market where premiums can go up 10x in a year?

To answer that we have to look back to the late 2010s, when groups like GandCrab realised SMEs were low-hanging fruit. This was the start of ransomware-as-a-service. The volume - and cost - of attacks started to scale, and "carriers were not prepared."

Demand for cyber insurance "rocketed" up in 2020, and underwriting "began to actually get serious."

The rate of incidents began to slow last year, which Spencer thinks is mostly down to most criminal groups operating out of Russia turning their attention to Ukraine - but premiums remain high, and he expects attacks to climb again after the war.

"It's not that these bad guys are out there holding AK47s, but they are partnering with kinetic warfare… We've seen a 200% increase in [cyber]attacks from Russia against Ukraine, and they're not asking for money; it's just a smash and grab."

You may also like
NCSC and insurers unite to fight ransomware threat

Threats and Risks

First rule: 'Don't panic'

clock 15 May 2024 • 3 min read
Cybersecurity Festival 2024: Four ways to cut your cyber insurance premiums

Finance

Certifications mean nothing without action

clock 08 May 2024 • 4 min read
'A generation of entitlement': Against Big Tech in the fight for talent

Careers and Skills

It's not all about the money any more

clock 01 May 2024 • 4 min read

More on Security

'Gay furry hackers' breach conservative US think tank behind Project 2025

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read
Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

Mammoth Microsoft Patch Tuesday fixes four zero-days, five critical bugs

142 holes plugged this month

John Leonard
clock 10 July 2024 • 3 min read