FROM THE EDITOR 

For me, the emergence of cyber insurance as a separate line dates back a decade, to when Target was hacked and had 40 million credit card numbers and personal information about 70 million customers stolen. Target was seemingly so well-protected, with its massive IT department and careful security procedures, and the vulnerability so seemingly trivial (in an HVAC system) that the news sent everyone scrambling. 
 
But what to do? 
 
Well, policyholders hoped their general liability policies covered cyber issues, or at least could be easily extended to cover those risks. Insurers, meanwhile, worked to make a clear division between GL and cyber and, in the face of such uncertainty and potentially enormous payouts, set rates as high as they could. Hackers, of course, plunged into what they saw as a huge payday. 
 
Ten years on, we seem to finally be approaching some stability. Yes, criminals have gotten much more sophisticated, moving well beyond hacks of credit card numbers and personally identifiable information to ransomware and other attacks that can shut down an entire business. Some even offer hacking-as-a-service or at least pool their efforts with criminals with expertise in certain parts of the hacking process. But insurers and their clients haven't stood still, either. They, in particular, have become better about training employees to avoid hackers and have developed much more sophisticated tools for spotting and stopping attacks. Governments have helped, too, by going after hackers, including tracking and recovering ransom payments made to them in cryptocurrency. 
 
No one is claiming victory. This is a Spy Vs. Spy scenario in which both sides will attack and counterattack as long as hackers see paydays to be had. But we do seem to have reached a much more mature understanding of the threat and of how to deal with it, both through better security and through insurance.
 
As you'll see in this month's interview, with Emma Worth Fekkas of Cowbell Cyber, the relentless increase in rates seems to have ended. In fact, she predicts rates will actually decline by the end of the year. 
 
Now, that's a change.
 
Cheers,
 
Paul

A New Era of Cyber Risk

Geopolitical conditions, specifically those related to Ukraine, have increased risks as nation-states orchestrate prolific cyberattacks against other countries.

Read More

Who to Blame for a Cyber-Attack?

Some 2,300 business interruption suits have been filed related to COVID-19, and a massive cyber-attack would surely produce even more--and more confusing--suits.

Read More

Compliance on Cyber Is No Longer Enough

There are countless examples of high-impact breaches affecting companies that are entirely cyber-compliant.

Read More

Insurers Unprepared on Cyber Threats

65% of insurance technologists cited cyber-attacks/threats as even a greater concern than inflation (45%) and retaining and hiring talent (40%)

Read More

New Cyber Threats Are Emerging

While ransomware still dominates among cyber threats, business email compromise incidents are on the rise, and geopolitical hostilities could spill over into cyberspace.

Read More

How to Fix Data Deficit on Cyber

The imprecision on cyber vulnerabilities and how to price insurance are unnecessary. Data is readily available -- if you look in the right places.

Read More