Rising insurance costs add to cyber pressures from public finance sector

The increasing pace and sophistication of cyberattacks against U.S. public financial entities has led to increased costs and difficulties in acquiring robust cyberinsurance coverage.

According to Fitch Ratings, public entities are increasingly required to undergo rigorous security audits and adhere to industry best practices in order to purchase cyber insurance. Cyber ​​insurance may become increasingly unaffordable for public entities with shrinking budgets as premiums continue to rise and insurer guidelines require increased staff and costs to update old systems and software.

Without the ability to properly transfer risk, public entities could face greater financial and reputational risks from cyberattacks, which could have negative credit implications, according to Fitch.

According to a 2021 Local Government Survey According to the Public Technology Institute (PTI), 59% of city IT managers report that their cybersecurity budgets have increased over the previous year, but the majority also believe that their cybersecurity budget is insufficient to support current and evolving security initiatives.

The increase in high-profile ransomware incidents in the public finance sector starting in 2018 led entities to turn to cyber insurance as a means of transferring risk. With ransom demands typically in the five-figure range, affordable and easy-to-obtain cyber insurance has helped reduce financial risk.

However, with soaring ransom demands and collection costs, insurers have adjusted premiums and preconditions. With some ransomware claims soaring to six and seven figures, PF entities are losing the price of comprehensive and quality commercial cyber insurance policies. Cyberinsurers paid around 73% of premiums collected last year, a dramatic increase from around 34% in 2018. Cyberinsurance premiums continue to rise in the wake of the coronavirus pandemic.

Despite higher costs, more and more public finance entities are taking out cyber insurance. About 90% of respondents to PTI’s survey said they had cyber insurance, an increase from 78% the previous year, and 69% noted that their cyber insurance premiums had increased since their last renewal.

Public finance entities are also experiencing reduced coverage limits, requiring some entities to take out multiple policies to achieve the desired level of coverage. Reduced coverage may be more economical, but it weakens the effectiveness of cyber insurance as a risk transfer tool.

In addition to commercial insurance, state-level risk pools are important providers of cyber insurance for many small and medium-sized municipal issuers. The Association of Governmental Risk Pools (AGRiP) estimates that at least 80% of all local government entities participate in one or more risk pools, which are generally established on a membership basis and geared towards government groupings of same nature, such as school districts or counties. . These pools, in which members agree to share the cost of risk, were created in the United States in the 1970s and 1980s to reduce and stabilize general insurance costs when many commercial insurers did not serve the FP market. . Public entity risk-sharing pools are not required to generate profits, and the external regulation of pools varies from state to state and by type of risk.

Trends in insurance cost pressures may be lagged in risk pools relative to commercial insurance, but will eventually lead to increased member costs and/or extended coverage at a higher price. This guidance is highlighted by the Texas Association of School Boards (TASB) Risk Management Fund. Privacy and information security coverage was originally offered to members in 2014 for cybercrime protection, but was only available in conjunction with a member’s school liability coverage. This type of coverage was later expanded and larger members with more complex systems were given the option to purchase higher coverage limits based on their organization’s needs beginning in 2019-20, with TASB staff assessing each member to determine the additional cost of the higher limits requested.

This article was originally published as a post on Fitch Wire’s Credit Market Commentary page at www.fitchratings.com. All opinions expressed are those of Fitch Ratings.


Interested in Internet?

Receive automatic alerts for this topic.

Comments are closed.