{"id":66660,"date":"2025-02-05T12:38:38","date_gmt":"2025-02-05T17:38:38","guid":{"rendered":"https:\/\/techservealliance.org\/?p=66660"},"modified":"2025-02-05T13:05:11","modified_gmt":"2025-02-05T18:05:11","slug":"cyber-risks-amp-liabilitiesltspanfirst-quarter-2025lt-span","status":"publish","type":"post","link":"https:\/\/techservealliance.org\/cyber-risks-amp-liabilitiesltspanfirst-quarter-2025lt-span\/","title":{"rendered":"Cyber Risks and Liabilities: First Quarter 2025"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Cyber Insurance Market Trends to Watch in 2025<\/h3>\n

With the fast-changing nature of digital threats, cyber insurance can be an especially volatile and dynamic segment, and frequent market changes can make pricing predictions difficult to pin down. The CrowdStrike and Change Healthcare incidents highlighted the greater impact of just one cyberattack across multiple organizations and business sectors. Given the potential impact of systemic events like these, it\u2019s possible insurers will implement stricter underwriting guidelines in 2025 and may be less aggressive when it comes to lowering rates. While current price predictions indicate lower rates, mileage may vary by policyholder. Here are some key market trends to watch this year:<\/p>\n

    \n
  • Ransomware threats\u2014<\/strong>Ransomware attacks have skyrocketed over the past decade, and blockchain analysis firm Chainalysis reported that 2024 could be the largest grossing year yet for ransomware payments. In 2025, it\u2019s expected that health care providers, schools, government agencies and other infrastructure-related organizations will be increasingly targeted in ransomware attacks.<\/li>\n
  • Artificial intelligence (AI) exposures\u2014<\/strong>Cybercriminals can utilize AI technology to create and distribute malware, crack passwords, deploy social engineering scams, identify software vulnerabilities and analyze stolen data. This technology can enable such activities to be carried out faster and with greater success rates, which allows cybercriminals to cause major damage and even evade detection. Businesses should be particularly mindful of emerging AI-driven threats this year.<\/li>\n
  • Supply chain vulnerabilities\u2014<\/strong>These vulnerabilities can stem from a variety of parties and practices within an organization, including third-party services or vendors with access to information systems, poor information security practices by suppliers, compromised organizational software or hardware, software security failures in supply chain
    management or among third-party vendors, and inadequate third-party data storage measures. Supply chain attacks are an increasing challenge for insureds, and technological research and consulting firm Gartner predicts that 45% of organizations will experience attacks on their software supply chain by 2025.<\/li>\n
  • Data collection concerns\u2014<\/strong>A growing number of businesses have begun leveraging biometrics, pixels and other tracking technology to gather personal information from stakeholders for various HR, advertising and marketing processes; however, doing so poses several data privacy concerns. For instance, businesses that don\u2019t comply with
    applicable international, federal and state legislation when collecting, processing and storing stakeholders\u2019 data could face substantial regulatory penalties, costly lawsuits and associated cyber losses. As 2025 begins, businesses should be aware of heightened regulatory scrutiny and evolving privacy laws around data collection, especially as more states and countries strengthen their data privacy frameworks.<\/li>\n<\/ul>\n

    Contact us today for further cyber insurance guidance and solutions.<\/p>\n

    Plentiful Capacity for Cyber Reinsurance at Jan. 1 Renewals<\/h3>\n

    The cyber reinsurance market saw a crop of new capacity for Jan. 1 renewals, according to industry leaders who confirmed reinsurance buyers saw better terms and conditions and lower risk-adjusted rates.<\/p>\n

    \u201cThe cyber reinsurance market remained dynamic and innovative, with buyers exploring a range of blended solutions, from pro rata to event excess of loss and aggregate stop-loss structures,\u201d reported global risk advisory and reinsurance broker Guy Carpenter in a recent commentary.<\/p>\n

    \u201cReinsurance buyers benefitted from improved supply and demand dynamics in 2024, driven by an oversupply of capacity, reduced demand and manageable large losses,\u201d said global insurance group Howden in a new report. The group said an additional $250 million in capacity came in from nine reinsurers entering the cyber reinsurance market\u2014seven established carriers and two start-ups. Renewals \u201cprogressed smoothly,\u201d Howden added, citing that quota shares remain the preferred structure for buyers but more availability of excess of loss reinsurance.<\/p>\n

    \u201cPerhaps indicative of the market conditions, or maybe reflective of reinsurers\u2019 greater confidence in their understanding of the class, we have seen a greater willingness to offer risk excess of loss reinsurance products in support of cyber portfolios,\u201d said Howden. \u201cGiven the ongoing spotlight on systemic events, an increasing proportion of cedents shifted their focus from proportional to nonproportional products more targeted at tail protection.\u201d<\/p>\n

    Part of reinsurers\u2019 efforts to offer program structures aimed at systemic exposures included requiring more detail from primary insurers on the risk, the group added. \u201cAll of which translates into an increasingly mature and efficient marketplace,\u201d said Howden.<\/p>\n

    Contact us today for additional insurance industry updates<\/p>\n

    Mitigating the Risk of Formjacking<\/h3>\n

    Formjacking is a cyberattack method in which a threat actor injects malicious JavaScript into a website, often one that contains an online payment form. Once the targeted page has been compromised, the added code allows the hacker to collect sensitive data, such as credit card numbers, addresses and phone numbers. This data is sent to the cyberattacker\u2019s domain after unsuspecting users enter their information and click \u201csubmit\u201d to complete a transaction. Malicious actors can then use the stolen data in identity theft schemes, payment card fraud scams and account takeover attacks, or they can sell it to other criminals. Stolen information can also be used to create fraudulent accounts and distribute malware. The hacker\u2019s code may be loaded through various methods, such as by exploiting a vulnerability in a business\u2019s website, employing a phishing scam in which the cyber intruder gains access to a company\u2019s checkout page, or compromising a third party\u2019s app or JavaScript used by a business.<\/p>\n

    Formjacking attacks can have severe financial consequences, including lawsuits, fines and penalties, as well as expenses related to remediation. Moreover, formjacking can damage a company\u2019s reputation, as clients, vendors and other partners may lose their trust in the business due to cyber incidents.<\/div>\n
    \u00a0<\/div>\n
    Although detecting malicious formjacking code and preventing attacks can be difficult, there are several measures businesses can take to identify potential issues and reduce the risk of it happening. Consider the following strategies:<\/div>\n
      \n
    • Practice cyber hygiene by keeping software, patches and extensions up to date. Establishing a content security policy and using firewalls and subresource integrity tags can also help prevent the injection of malicious data onto business websites and protect data.<\/li>\n
    • Scan and audit website code regularly to check its integrity. Monitoring and analyzing web logs and JavaScript behavior can help detect malicious activity, and checking where a browser is sending data is also key in stopping formjacking attacks.<\/li>\n
    • Utilize cyber defense techniques such as obfuscating JavaScript, which can make code more difficult for cyberattackers to understand. Implementing network segmentation can also limit network exposures and malicious actors\u2019 lateral movement capabilities.<\/li>\n
    • Implement ongoing cybersecurity measures, such as thoroughly testing websites before they are publicly launched, executing penetration testing to discover vulnerabilities, and monitoring the supply chain to ensure vendors whose code is being used follow cybersecurity best practices.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

      Cyber Insurance Market Trends to Watch in 2025 With the fast-changing nature of digital threats, cyber insurance can be an especially volatile and dynamic segment, and frequent market changes can […]<\/p>\n","protected":false},"author":4039,"featured_media":66676,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","_company_domain":"","_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"footnotes":""},"categories":[1],"tags":[],"topics":[247],"member-content":[],"class_list":["post-66660","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","topics-insurance-business"],"acf":[],"_links":{"self":[{"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/posts\/66660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/users\/4039"}],"replies":[{"embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/comments?post=66660"}],"version-history":[{"count":5,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/posts\/66660\/revisions"}],"predecessor-version":[{"id":66829,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/posts\/66660\/revisions\/66829"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/media\/66676"}],"wp:attachment":[{"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/media?parent=66660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/categories?post=66660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/tags?post=66660"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/topics?post=66660"},{"taxonomy":"member-content","embeddable":true,"href":"https:\/\/techservealliance.org\/wp-json\/wp\/v2\/member-content?post=66660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}