BY: INSURANCE COMMISSIONER MIKE CHANEY
October is Cybersecurity Awareness Month. Cybersecurity is a hot topic for the insurance sector today and a growing concern for many businesses. Businesses, large and small, should consider cyber insurance as part of their risk management process. Cybersecurity is a risk that all carriers should take seriously from an operational resilience perspective, as cybersecurity events can disrupt your business, costing you money.
Most commercial property and general liability policies do not cover cyber risks, and cyber insurance policies are highly customized for clients. Insurers and insurance producers must protect the highly sensitive consumer financial and health information collected as part of the underwriting and claims processes. Reports show that sectors like health care and financial services are experiencing higher cybersecurity incidents and claim costs, partially due to the data they manage.
Back in 2019, the Mississippi Legislature passed Senate Bill 2831, otherwise known as the Insurance Data Security Law. The Cybersecurity Law establishes standards for data security in the Mississippi insurance industry. It also set parameters for how my office is notified of security breaches and how they are investigated. This requires, among other things, that an insurance licensee notify my office within three business days after determining that a cybersecurity event involving non-public information has occurred.
More companies are entering the market each year. According to the most recent report on the Cyber Insurance Market from the National Association of Insurance Commissioners, issued in Fall 2024, shows a cyber insurance market of roughly $9.84 billion in direct written premiums. The U.S. cyber insurance market accounts for 59% of the $16.66 billion in premiums written for cyber coverages globally in 2023. This indicates a growing demand for cyber insurance coverage. The number of claims has also gone up with more than 33,000 in 2023. This increase reflects the rising frequency of cyber incidents.
We see a complicated landscape in cybersecurity, which remains a priority for my office. And we are seeing increasing calls for legislation, nationwide, and regulation for enhanced cybersecurity measures to address risks including identity theft, business interruption, data repair costs and more. Purchasing cyber insurance is a risk management decision. I hope that each company or business owner will consider their specific risk and decide if they would benefit from cybersecurity insurance.