Concern grows that cyber won’t remain insurable risk

Cyber remains the big risk that keeps French risk and insurance managers awake at night, but there are growing fears that it won’t remain insurable or large firms will simply walk away from the market, Oliver Wild, president of Amrae, told Commercial Risk.

Speaking as part of our Risk Frontiers Europe 2022 survey, Wild said it is becoming increasingly difficult to insure cyber risk, with very little appetite in the insurance market.

“If you look at the history of cyber insurance, six or seven years ago, everyone wanted to sell you a policy with very little analysis of the exposures and what the risk really was about. Since then, there have been a number of large claims and now a number of carriers don’t want to insure cyber at all. Overall, there is significantly reduced capacity in the insurance market now,” he said.

Wild said said five years ago he could buy quite large cyber capacity cheaply. Now, the price has increased three-fold and capacity has been halved, with significant exclusions and sub-limits introduced.

He said Amrae research during the past few years has shown insurers need to cover a wider range of cyber risks, including SMEs, rather than concentrating on the largest corporates, for the cyber market to function better.

However, with prices going up and cover reduced things have actually gone into reverse.

“In 2022, we find that the market has actually contracted, which means there is insufficient premium income to cover even a small number of claims. The market is obviously not sustainable like that. Some carriers have actually paid out the premium of the past five years in just one year,” said Wild.

A French ministry’s report flags statistics by a government agency that show cyberattacks increased by 155% in France between 2019 and 2020. In the following year, the number jumped another 101%. Anssi, the French cybersecurity agency, estimates that 54% of all French companies suffered some kind of cyberattack last year.

In spite of that alarming jump in risk, Wild said risk managers at some of the larger French corporates are saying their company might walk away from the insurance market if it cannot step up to the plate on cyber.

He added that part of the reason for this is cyber risk management has improved among large French firms.

“What has changed for the large corporates is that there has been significant investment in cybersecurity in terms of resources and strategy. A lot more is being spent on detection. Corporates know these attacks will happen and that you will never build a wall high enough, as the cybercriminals will always be able to climb higher. But what you can do is detect the problem much more quickly and then deal with it. Having the capacity to react is key,” said Wild.