RANCHO MIRAGE, California — The exponential growth in technology innovation is driving rising exposures for businesses, leading to greater volatility and uncertainty for cyber insurance buyers, experts say.

Technology is “literally exploding,” said Michael Steep, Stanford, California-based founder and executive director of the disruptive technology program at Stanford University and president of consultancy Transform Innovation Ventures, said during a panel session Tuesday at the Captive Insurance Companies Association 2023 International Conference.

Silicon Valley and startup technology companies globally spent $300 billion on disruptive technology in 2022, creating massive amounts of data for every kind of interconnected device, he said.

Artificial technologies, such as ChatGPT, are also evolving, creating problems for businesses and consumers, he said. 

This next wave of technologies will “open up a whole new area of vulnerability for cyberattacks,” Mr. Steep said, noting that bad actors can manipulate information in ways that it can be dispersed in virtually any type of application without adequate protection.

The speed of AI-based attacks is now in the milliseconds, while IT response time to these attacks is “ridiculous” — some 167 to 215 days, he said.

The outlook for cyber insurance is uncertain and volatile, said Aaron Hillebrandt, Bloomington, Illinois-based principal and consulting actuary at Pinnacle Actuarial Resources.

“A year ago we felt pretty confident that rate increases were going to continue, and underwriting was going to get tighter,” Mr. Hillebrandt said.

But the picture is no longer clear, he said, noting that his analysis of recent loss ratio data at one cyber insurer indicated a “dialing back” of loss trend assumptions, pointing to a tightening in underwriting, while rates appeared to have decreased.

“If you think about writing homeowners insurance in Florida where there’s a lot of hurricanes, you would rightfully expect it’d be really expensive to cover. But if, all of a sudden, an insurance company decided the only homes they were going to (cover) would have to touch the Georgia border, then maybe you can take a big rate decrease for that hurricane. There may be some of that going on here,” Mr. Hillebrandt said.

In 2021, cyber buyers faced across-the-board rate increases of as much as 400%, said Nick Pearson, Tampa, Florida-based vice president of BMS Group Ltd.

“It was a market correction in pricing that needed to be done on some of these risks,” Mr. Pearson said.

While price increases are still occurring, they’ve “leveled off,” with some books seeing increases more in the range of 10% to 50%, he said. He attributed this shift to greater underwriting discipline by insurers.

Insurers are asking many more risk management questions, which has helped, Mr. Pearson said.

“It’s been tough to place some insurance policies,” and there is much greater focus on risk controls, such as multifactor authentication and endpoint detection and response (EDR), he said.

The insurance sector has traditionally looked back at historical loss scenarios and loss ratios, but businesses need to be more proactive in responding to cyber threats, said Stephen Cardot, CEO of CloudCover Re, based in Minneapolis.

The days of humans sitting in front of monitors to solve for attacks by bad actors “are over,” Mr. Cardot said.

The use of automated intelligent platforms and deep learning technology that can predict IT security issues at sub-second reaction time is set to increase, he said. AI-generative platforms are “a game-changer” that can help reduce and control cyber risks in real time, he said.