Just a few months ago the cyber insurance market was softening. The previous year’s prohibitive increases in premiums had begun to attenuate. But the recent uptick in the frequency and sophistication of cyberattacks is again giving pause to cyber insurers, making it more difficult for companies to obtain the coverage they require.
Unlike traditional insurance products, such as auto or home insurance, the industry lacks the historical data needed to accurately price this risk. Now, with a growing number of companies making claims on their cyber insurance policies, there is renewed financial pressure on insurers leading to tighter underwriting, with insurers raising premiums or limiting coverage to manage their risk exposure.
A POLICY SHIFTING EVENT
You’ve likely heard of the MOVEit file transfer zero-day. In the past several months, hundreds of organizations have fallen victim to the CL0P ransomware group, which exploited a zero-day SQL injection vulnerability in Progress Software's MOVEit Transfer, a Managed File Transfer (MFT) application used for secure file sharing.
Progress Software disclosed this vulnerability (CVE-2023-34362) in late May, with a severity rating of 9.8 out of 10. The supply chain attack has affected major financial, healthcare, insurance, education, and government institutions, impacting an estimated 35 million individuals. Even some organizations not using MOVEit Transfer directly, but connected via third-party contractors, have been compromised.
This incident highlights the ongoing, evolving threat of cybercrime and the need to bolster cybersecurity measures, no matter the maturity of an organization’s security posture.
THE IMMEDIATE EFFECT ON CYBER INSURANCE
Progress Software says it plans to claim the $15 million cyber insurance policy to cover losses from class action lawsuits and fines related to the event. Claims such as these, along with the general lack of historical data and risk models, are expected to increase premiums and raise coverage requirements across the entire business landscape.
Cyber insurance policies have already become more expensive while offering narrower coverage, with many companies experiencing significant premium increases. As the market matures, premiums may eventually stabilize, but the trend towards more costly policies with reduced coverage is likely here to stay.
COVERAGE FOR QUADRANT CUSTOMERS
While cyber coverage is becoming more difficult to obtain across industries, Quadrant customers can take advantage of our zero-cost, zero-underwriting $500k cyber warranty, simply for relying on our XDR services.
Through our partner Cysurance, Quadrant’s XDR service underwent rigorous vetting, giving us the ability to provide a warranty to organizations that depend on us for monitoring and response. This Cyber Financial Protection Program is currently available to all Quadrant XDR customers that are interested in participating.
Want to learn more? Get in touch today!