Cyber insurance rates fall as businesses improve security, report says

Cybersecurity test ahead of Olympics

LONDON (Reuters) - Cyber insurance premiums are falling globally as businesses become more adept in curbing their losses from cyber crime, even as ransomware attacks are rising, broker Howden said in a report on Monday.

Insurance premiums to protect companies against cyber attacks rocketed in 2021 and 2022, as the COVID-19 pandemic drove cyber incidents.

But premiums have been dropping in the past year, according to the annual Howden report. The cyber insurance market saw double-digit price reductions in 2023/24, Howden said.

Added security such as multifactor authentication has helped to protect companies' data, reducing insurance claims.

"MFA is the most basic thing you can do, it's like locking the door when you leave the house," said Sarah Neild, head of UK cyber retail at Howden.

"Cyber security is a many-layered beast," Neild added, pointing also to greater investment in IT security, including staff training.

"On the whole, clients are more robust."

Greater appetite by insurers to offer cyber insurance is also leading to price decreases, Neild said, even with attacks rising.

Global ransomware attacks fell following Russia's invasion of Ukraine in February 2022, as hackers in those countries focused on the military effort.

However, recorded ransomware incidents rose 18% in the first five months of 2024 compared with a year earlier, the report said.

Ransom software works by encrypting data. Typically, hackers offer a pass code to victims of an attack, enabling them to retrieve the data in return for cryptocurrency payments.

Business interruption is usually the biggest cost following a cyber attack, but businesses are able to reduce those costs with better back-up systems, such as through the use of cloud providers, the report said.

Most cyber insurance business is in the United States, but growth in the $15 billion global cyber insurance market is likely to be fastest in Europe in the next few years, given lower penetration levels currently, the report said.

Smaller firms are less likely to buy cyber insurance, partly due to lack of awareness of cyber risk, the report added.

(Reporting by Carolyn Cohn; Editing by Alison Williams)