US cyber premiums grew to $2.26bn in 2019, an 11% increase from the previous year, with similar rates of growth observed for both package and standalone cyber products, according to Aon.
In the fifth edition of its US Cyber Market Update: The 2019 US Cyber Insurance Profits and Performance, Aon states that a total of 192 US insurers reported direct cyber written premium to the National Association of Insurance Commissioners (NAIC) in 2019, up from 184 in 2018. The new market participants averaged $393,000 in premium each, though the figures do not include managing general agents (MGAs), which do not file the NAIC supplement, something that Aon says is unfortunate, as recent years have seen MGAs adding both to the number of market participants as well as the perceived level of competition.
Aon’s analysis shows that about 90 insurers wrote more than $1m and 41 wrote more than $5m. Overall, the top ten cyber insurers accounted for 69% of direct written premium, slightly down from 70% in the previous year.
“The insurance industry experienced the impact of the increase of ransomware attacks in 2019. Losses were spread across companies of all sizes, especially the small commercial segment. Despite the increased loss ratio, the report’s combined ratio for 2019 suggests continued profitability for the US cyber insurance industry in 2019,” states Aon.
Jon Laux, head of cyber analytics for reinsurance solutions at Aon, commented: “Although ransomware has been on the rise for years, it was 2019 when the insurance industry felt the impacts far and wide. Unlike the NotPetya claims of 2017, these losses were not limited to a few large multinationals but were spread across companies of all sizes, and especially affected the small commercial segment. We expect that ransomware will be the main claims story of 2020 as well.”
He added: “For years now, the thesis of cyber insurance has been that risk mitigation and risk transfer belong together – that insurers can help companies that suffer from cyberattacks to get back on their feet while working to reduce cyberattack frequency and severity through more effective risk controls. We believe that the next several years may finally see this come to fruition, with insurers helping to improve cybersecurity hygiene and reduce the cost of cyberattacks.”
The report notes that the loss ratio increased from 35% to 45%, driven by claim frequency, and the average 2019 claim frequency across all companies was 5.6 claims per 1,000 policies, up from 4.2 in 2018. It explains that the jump in frequency more than offset a reduction in the claim severity, where the average claim size fell slightly from $50,401 in 2018 to $48,709 in 2019.
Aon says the results suggest continued profitability for US cyber insurance in 2019, despite the loss ratio increases, but it adds two caveats when interpreting the 2019 results. Firstly, the expense ratios are estimated from ‘other liability claims made’ and ‘commercial multi-peril’ business, since cyber is not a line in the Insurance Expense Exhibit. “Our experience with many insurers suggests that cyber expense ratios are higher than for other lines, perhaps by five points or more. This is not reflected in the NAIC data,” the report states.
Secondly, cyber insurance is a catastrophe-exposed line of business, and 2019 was a catastrophe-free year, and while this does not change the 2019 results, Aon recommends the inclusion of an appropriate catastrophe load for forward-looking projections.
The report also reveals that claims against first-party coverage outnumbered third-party claims, accounting for 65% of all claims. “This is consistent with what we hear from conversations with our clients, with first-party claims costs accounting for the majority of costs that insurers are paying,” states Aon in the report.
Small commercial cyber is outperforming the industry overall for growth and loss ratios, according to the report. It states: “Finally, in 2019 we saw continued development of the small commercial cyber segment, where the growth rates have exceeded the rest of the industry. Loss ratios have outperformed the industry as well, and although many have remarked on the impact of ransomware attacks on small businesses in 2019, the segment still ran at a lower loss ratio than the industry as a whole.”
The report is available at: https://aon.io/2020-us-cyber-market-update