Aon's first ever errors & omissions/cyber insurance product snapshot presents a pretty dire picture of worsening conditions.
There were on average three new E&O cyber matters per business day in 2020, a whopping 100 percent increase from 2019, and most were ransomware event related, according to the report.
Underscoring the pain ransomware is increasingly causing, Aon said ransomware attacks over the previous three years have jumped an astounding 486 percent.
Also, the average loss severity for claims worsened each quarter in 2020, the Aon report found, adding that "clients experienced eight-figure event-related losses" in many cases.
At the same time, insurers did what they could to counter the increasing threat. Aon said that insurers added new arrows to their quivers such as "public-facing scanning resources" that can search for cyber threat vulnerabilities. Many may have ransomware-specific applications, the company said, focused on areas including improving insured risk controls and improving risk selection for insurers.
Aon said these trends should quicken even further in 2021, many accelerated by the COVID-19 pandemic. One response to this, along with risk reevaluations, will be rate increases, which Aon said will range between 20 percent and 50 percent.
"To maintain a commitment to long-term stable cyber capacity, insurers are reviewing areas in their portfolios where underwriting action is needed, and reevaluating capacity deployment, specifically as it relates to ransomware losses," Aon said.
Aon also cited a number of related risk trends to watch in the months ahead. They include:
- E&O exposures stemming from digital transformation initiatives quickened by COVID-19. Aon warns existing insurance may not fully address them.
- Remote workforces will remain after the pandemic, and Aon said this trend will increase potential risk vulnerabilities for the long term. Weak spots include companies' existing remote desktop protocols, software, remote access security, reliance on third party IT service providers and digital communication.
- Cyber Extortion – particularly through ransomware attacks. Aon said ransomware has evolved beyond the encryption of sensitive data to the threat of exposure of that data on the internet. The likely result: limbo for corporate processes until the issue is resolved. Another big, new risk – potential liability consequences such as regulatory fines or third-party lawsuits.
The full report is "Aon's E&O/Cyber Insurance Snapshot: A focused view of 2021 risk & insurance challenges."