The cyber insurance market continues to go through convulsions due to increased claim activity as well as carrier capacity issues.
Cyber insurance pricing increased an average of 96.% year over year, as of 3rd quarter 2021, as companies faced a daily onslaught of cyber-attacks. Premiums continue to rise even though insureds are raising their retentions and decreasing their limits in an effort to reign in premium increases.
Over the last 18 to 24 months numerous insurers have experienced a significant increase in loss ratios as well as a deterioration of profits due to the rising frequency and severity of ransomware losses.
Insurers are paying closer attention to the risk of a single cyber event affecting a considerable number of insureds simultaneously. Studies have revealed that a systematic cyber event could cost multiples of the estimated size of the current cyber market. This has led to a significant increase to the catastrophic load as part of the overall premiums charged.
As a result of this increase in claims reinsurers are increasing their costs. Further the demand for reinsurance capital remains greater than the current available supply.
The pool of capital available to insureds, from insurers, is dwindling which means the total amount of cyber premium that insurers are collecting is potentially insufficient for a catastrophic loss. Some insurers are exiting the cyber market due to these concerns. Meanwhile other carriers are reducing the amount of capital deployed on any given risk in order to limit their insured portfolio exposure.
Ransomware continues to drive an increase in frequency and severity of claims. Since 2018, cyber incidents have escalated considerably, driven in large part by the rapid digitalization of business. This was accelerated by the pandemic and the increase in the number of organizations buying cyber insurance, meaning, more cyber events were insured. Ransomware is now entrenched as a dominant threat, rising in frequency and severity and deepening insurance market concerns over attritional losses, accumulation, and systematic risk.
The current volatility within the cyber insurance market is causing insureds frustration as they are forced to increase retentions, decrease limits, and accept more limited coverage terms and conditions. Many companies that purchase cyber insurance are being forced to reduce policy limits due to internal budget constraints but also due to a reduction in carrier appetites for cyber risk especially where it is deemed by the carrier that certain security controls and corporate governance appears to be lacking or insufficient. Other insureds are forced to increase their limits, and subsequently their premiums, due to their increase in cyber exposure due to the digitalization of their businesses – this is generally the case when a company is faced with an increase in their cyber exposure or have a deeper understanding of the magnitude of the existing risk. Having a good grasp of their risk exposure is essential when a company is faced with the prospect of either decreasing their limits to save on premium or increasing their limits due to a better understanding of their risk exposure. Most companies are being forced to accept higher cyber policy retentions due to carriers decreased appetite for risk exposure.
Further many cyber carriers are now tightening their underwriting standards and stipulating that companies that purchase cyber insurance adopt tighter security controls that will have a meaningful impact to the company’s exposure to cyber risk.
There is legitimate concern that the market for cyber insurance will continue to tighten and contract in the coming years due to carriers leaving the market due to capacity and profitability issues. I have even heard some carrier underwriters question whether or not there will even be a cyber insurance market in the future if the carriers that provide this coverage cannot figure out a way to increase capacity as well as decrease their risk exposure.