Cyberinsurance is Getting Cheaper

Back in March, I came across a freshly published IDC report built around an interesting question: Have Cyberinsurance Premium Increases Finally Slowed Down?

That would be welcome news, obviously, if true. According to Fitch Ratings, premiums on cyber policies rose roughly 200% across 2021 and 2022. About time they start plateauing.

Turns out the answer to IDC’s question is no, however. Premiums aren’t increasing more slowly. They’re declining. In fact, they fell 6% in Q1 this year, according to Marsh, after dropping 3% in Q4 of last year. Here’s why, according to Fitch, which says premiums dropped (for the first time ever) by 2% year over year in 2023:

Favorable cyber underwriting results are partly due to prior large increases in premium rates. Insurers are also being more careful in cyber risk selection and the underwriting process. They are requiring that customers maintain proper cyber hygiene and risk management practices before agreeing to insure them. Additionally, insurers are tightening policy language to more strictly define terms, with more frequent insertion of sub-limits and exclusions.

That sums up the current landscape as described to me by multiple experts with admirable concision, but there’s a lot going on there. Let’s tease it apart a little.

“Favorable cyber underwriting results are partly due to prior large increases in premium rates…”

Carriers entered the cyberinsurance market some years back with high hopes for easy profits and almost no knowledge of security. As a result, they underpriced their policies and suffered big losses on greater than anticipated claims activity.

That was before Covid and the work-from-home phenomenon triggered a ransomware explosion, moreover. “Nobody saw that coming,” says IDC analyst Philip Harris, who wrote the report I referenced earlier. It hasn’t let up either, he adds. “In fact, it keeps getting worse and worse and worse.”

Indeed, while the portion of organizations hit by ransomware in the last year dipped from 66% to 59%, according to Sophos’s recently published State of Ransomware 2024 report, the average ransom payment soared 500% to $2 million.

Even so, insurance companies have jacked up prices so much in recent years that premiums are now much better aligned with losses, making further rate hikes less necessary. For now, anyway. Joseph Brunsman, founder and president of cyber and liability brokerage Brunsman Advisory Group, isn’t convinced insurers have cracked the code yet on cyberinsurance pricing.

“The deep dark secret here that nobody wants to really talk about in the cyberinsurance world is that nobody actually knows what they’re doing,” he says.

“…Insurers are also being more careful in cyber risk selection and the underwriting process. They are requiring that customers maintain proper cyber hygiene and risk management practices before agreeing to insure them…”

Carriers may not know a lot about security these days, but they know more than they used to, and it shows in the greater length and specificity of their questionnaires.

“Insurers have gotten much more picky with who they’re willing to insure,” says Jon Murchison, CEO of MDR vendor Blackpoint Cyber. “They’re starting to require more robust tooling.”

Weeding out applicants who don’t meet those standards has resulted in fewer claims, less need for price spikes, and more room to reward businesses that employ best practices. “The more secure you are and the more you can demonstrate it, you’re going to save on the bottom line for insurance premiums,” Harris says.

That has end users in search of lower rates on better coverage finally adopting products and practices they should have embraced years ago.

“It’s a double-edged sword,” observes Brunsman of sprawling insurance questionnaires. Helping clients fill them out is a giant headache for MSPs that can also inspire additional security spending.

“They’re using that as an opportunity to speak to their clients about increasing their controls,” Brunsman says.

“…Additionally, insurers are tightening policy language to more strictly define terms, with more frequent insertion of sub-limits and exclusions.”

Here’s the gotcha part of the story. Yes, premiums are declining for the moment, but that’s partly because carriers are modifying policies to deny coverage under a growing list of conditions, like leaving vulnerabilities unpatched or negotiating ransom payments without professional help. The result is fewer claims to pay and less cause for higher prices.

“We just see insurance companies try to slide these exclusions into the policies,” Brunsman says. They usually get away with it too, he adds, because neither brokers nor MSPs appreciate the implications.

“Technology folks obviously don’t understand insurance and insurance folks obviously don’t understand technology,” Brunsman notes.

Four more facts worth knowing

Before we move on, here are a few final insights from my sources on this topic.

1. Exclusions or no exclusions, denied claims are rare. Yes, Brunsman confirms, cyber claims do get turned down. It just doesn’t happen nearly as often as some would have you believe. “Contrary to popular belief, the overwhelming majority of the claims get paid,” he says.

2. There’s less than meets the eye to those alliances between insurers and vendors. For over two years now, vendors like Augmentt, CyberFOX, Sophos, and Trend Micro have been signing agreements to share end user telemetry with insurance issuers. In theory, that enables carriers to verify ongoing compliance with policy requirements. In reality, according to Murchison, all it’s done so far is help carriers verify those requirements were in place when the customer applied for coverage.

“I don’t think the market’s at the point where they know how to leverage all this data sharing,” he says. “I sure haven’t seen it and I’m pretty plugged into that world.”

3. Businesses not using continuous compliance management software now will be soon. Most carriers require policy holders to renew coverage annually. “Every year you’ve got to demonstrate that you’re compliant,” Harris says. All well and good, he adds, but businesses can make a lot of changes between those 12-month milestones.

“They [add] new applications, take systems out, set up different networks, and there’s always some form of configuration drift,” Harris observes. To mitigate those risks, he predicts, carriers not getting real-time telemetry from security alliance partners at present will soon require insured companies to run continuous compliance management software from vendors like Apptega, Qualys, and others.

4. Beware the black swan. Insurers that have gotten better at weighing the financial impact of breaches affecting one business continue to have trouble preparing for the digital equivalent of hurricanes.

“Considerable resources are expended by carriers and risk modeling firms to measure risk aggregations and probable maximum losses from larger cyber events,” Fitch writes. “However, these tools remain less advanced than natural catastrophe risk models that have been refined over the last 30 years.”

Carriers are all too aware of it too, according to Murchison. “The things that really freak out insurers are these kind of black swan events,” he says, citing a supply chain attack on a widely used single sign-on solution as a hypothetical example. “That can really disrupt an industry overnight.”

Syncro’s all in on AI

Some things never change. Labor was an MSP’s largest contributor to cost of goods sold 20 years ago, when managed services as we know them were in their infancy, and it still is today.

“They’re rare and they’re expensive,” says Syncro CEO Michael George of technicians. “So if you could double or triple or quadruple the size of your business as an MSP and not have to add a single member to your technical staff, just think about how profitable and how empowering that is.”

Helping MSPs achieve that empowerment has been core to George’s strategy since he was CEO of Continuum, the managed services mainstay acquired by ConnectWise in 2019. In those days, he used “labor arbitrage,” as he calls it, in the form of an outsourced, offshore NOC in India to realize that vision. Today it’s all about artificial intelligence.

“We are really going to be AI-forward,” says George, who stepped into his current role in February. “The thing that we will be most known for is the level of automation that we bring to this market.”

The AI-powered Smart Ticket Management solution Syncro announced 10 days ago and will officially launch this summer is a down payment on that promise. The system automatically categorizes newly created tickets, associates them with specific assets in the RMM system, and either suggests step-by-step measures technicians can perform themselves or offers to run automations (written and vetted in advance by humans) on their behalf.

A follow-up feature called Smart Search is next on the roadmap. That tool will read the ticket a technician is viewing, find similar tickets from the same client, and show how the problem was fixed the last time it occurred.

Longer term, Syncro’s automation ambitions extend far beyond ticketing. “We’ve started with tickets because it’s really the heart and soul of where technicians spend all of their time and we know there are enormous gains to be had by helping them do that more efficiently, but you’ll see it throughout the whole platform as we go,” says Dee Zepf, who became chief product officer at Syncro in March.

For the moment, Syncro’s AI engine (like N-able’s and Pia’s, among others) does nothing without a technician’s knowledge and consent. “We put it in front of the MSP so they can actually choose to do something,” Zepf says. “We’re not doing anything automatically yet for them.”

Note the “yet” in that last remark, though. According to George, Syncro has eventual plans to embrace a self-healing “autonomic computing” model in which AI draws on the predictive analytics long built into management tools to address potential technical problems before they become actual ones.

“The predictive capabilities give us preventative capabilities as well,” he says.

Zepf is in no rush to harness those capabilities, though. “We’re going to walk before we run and see where we go along the way,” she says. “It’s a journey for all of us, and what we want to do is what our partners are comfortable with us doing.”

Like Kaseya but unlike ConnectWise, which leans on Microsoft’s Azure OpenAI Service, Syncro employs a customized large language model trained on its own data to power everything AI-related it does.

“It’s all running in our Amazon environment,” Zepf says. The result, she adds, is a platform that’s not only more secure but more effective.

“We really feel like the level of accuracy we can get to is so much better with what we’ve been able to build than what we could have gotten if we had gone outside and pulled something in,” Zepf says.

It says something about the pace of innovation today’s LLM development tools make possible that Syncro designed, built, trained, and shipped its AI platform from scratch in just the last few months. “It’s all new since we got here,” George says. “We’ve been able to make incredible progress, I think, in such a short amount of time.”

More is on the way. “This is the first of many releases of its kind,” George says. “You’ll see us with a very ambitious roadmap.”

No such thing as too much AI, right?

So tune into the latest episode of the podcast I co-host to hear a conversation with Pia CEO Gerwai Todd about the present and future of AI-fueled automation for MSPs.

Also worth noting

Huntress has joined the unicorn club.

Seven months after becoming TD SYNNEX’s COO, Patrick Zammit is now set to become its CEO come September.

Maybe less momentous, but Ingram Micro is the first U.S. distributor to earn Engaged Preferred Services Partner status from Fortinet.

Sherweb has a new self-serve portal for its MSP partners.

Kaseya’s TruMethods unit has a new growth program for 1-5 person MSPs.

NinjaOne now does mobile device management.

Announcements during Hewlett Packard Enterprise’s Discover conference this week include partnerships with NVIDIA on AI enablement programs and co-developed AI solutions.

CrowdStrike’s contribution to the Discover news is that its Falcon cybersecurity platform now integrates with HPE’s GreenLake cloud and OpsRamp AIOps solution.

Just as we told you to expect earlier this week, Bitdefender’s adding three security bundles to the Pax8 marketplace.

Pax8 has hired a chief AI officer.

N-able has published a responsible AI use pledge.

Aryaka’s using generative AI to accelerate network performance.

LogicMonitor is using genAI to help technicians reduce alert fatigue, avoid incidents, and otherwise protect infrastructures more scalably.

Fellow observability vendor Riverbed has an all-new partner program.

Produce8 has a new partner program too.

Ditto for Cato Networks.