Despite a recent wave of ransomware attacks, cyber insurance premiums are declining around the globe.
That’s because businesses have gotten better at dealing with losses related to cybercrime, specialist insurance broker Howden said in a report issued Monday (July 1).
“Favorable dynamics have persisted into 2024, with the cost of cyber insurance continuing to fall despite ongoing attacks, heightened geopolitical instability and the proliferation of Gen AI,” Sarah Neild, Howden’s head of cyber retail for the U.K., said in a news release.
“At no other point has the market experienced the current mix of conditions: a heightened threat landscape combined with a stable insurance market underpinned by robust risk controls. The foundations for a mature cyber market, with innovation and exposure-led growth at its core, are now in place.”
The report shows cyber insurance pricing falling 15% since its peak in 2022, along with a “mixed” picture of ransomware attacks.
The frequency and severity of such attacks has come down this year after peaking in 2023, while the percentage of incidents in which a ransom is paid has been declining since 2019. Still, ransomware remains the “costliest form of cyber attack,” the report said.
“The past 12 months have seen the splintering of ransomware groups, increased collaboration between hackers and tacit support from hostile governments,” Howden wrote.
Attacks jumped 85% between 2022 and 2023, and increased by 30% between the first quarter of last year and this year. The report also notes an uptick in recovery costs for ransomware attacks, as well as multiple recent attacks in the healthcare sector.
“Investments in cyber security and insurance coverage are paying dividends in this environment, with insured companies now less vulnerable to prolonged disruption in the event of an attack,” Howden wrote. “This is reflected by a marked fall in the proportion of victims compelled to pay a ransom over the last year.”
The report follows a month marked by several high-profile cyberattacks, including one in which a ransomware gang hacked Evolve Bank & Trust and posted customer data on the dark web.
“The scope of the breach and the data being released could impact nearly the entire FinTech landscape beyond just the users of Evolve’s banking-as-a-service (BaaS) program partners, which include Affirm, Stripe, Mercury, Airwallex, Alloy, Bond (now part of FIS), Branch, Dave, EarnIn, TabaPay and others — along with their own customers, or anyone who has sent a payment to or received a payment from them,” PYMNTS wrote last week.