Cyber insurance grows in US, especially among large companies, states Best report

Larger US companies, especially financial institutions and healthcare companies, are increasing cyber coverage, and the US market for cyber insurance grew significantly in 2017, according to a new AM Best special report. It reveals that direct premiums written rose nearly 32% year over year to $1.8bn, and policies in force jumped 24% to 2.6 million. However, Best notes that, despite the growth, the cyber insurance take-up rate remains low, particularly among small to medium-sized enterprises.

The report, ‘Cyber insurance market sees steady growth but still awaiting a real growth spurt’, states that the take-up rate for small to medium-sized companies remains in the low teens, and these companies generally remain complacent about their exposure to cyber-related events, such as data breaches and system failures, and underestimate the potential for business interruption.

While standalone cyber insurance grew significantly in 2016, the number declined 32% in 2017, as businesses appeared to move to less expensive packaged policies. In 2017, cyber packaged policies in force increased 28% for the US property/casualty industry. Best believes the rise in packaged policies is partly due to the addition of affirmative cyber coverage (when perils are explicitly included or excluded) to commercial policies.

The total number of cyber claims increased in 2017 to 9,017 – from 5,955 in 2016 – with packaged policies constituting 56.3% of the claims and standalone policies making up the remaining 43.7%. First-party claims increased significantly from 3,279 in 2016 to 5,941 in 2017, and made up 65.9% of the total. Third-party claims were relatively flat, however, increasing from 2,676 to 3,076, states Best in the report, noting that policies that cover third-party claims remain much more expensive.

According to the report, a lack of historical experience and tested cyber exposure models continue to add to the uncertainty of underwriting cyber insurance. Pricing sophistication varies significantly by insurer, with some using simplistic pricing based on expected losses, while others have much more sophisticated algorithms.

“At this point, underwriting and pricing are driven more by market forces than by loss experience and models,” comments Bobby Skrabal, a Best industry analyst. “As insurers develop more experience they’ll improve their pricing models, but due to the constantly changing nature of cyber threats, pricing will most likely continue to rely on the judgement of underwriters.”

Financial institutions and healthcare companies are acutely aware of their cyber exposures and are increasing their coverage, and average policy limits are rising, with some of the largest companies’ coverage towers above the half-billion-dollar mark, the report states.

It adds: “The cyber insurance market has an interesting dynamic: insurers appear to be willing and able to offer capacity but are reluctant to have cyber constitute a significant portion of their portfolio. National account buyers with a sophisticated view of risk management needs are driving demand, but insurers seem more interested in tapping into the SME market to increase their exposure. Smaller businesses have fewer claims, which is driving more competitive pricing for the SME market.”

Chubb INA Group was the top cyber insurer in the US in 2017, with $284.4m in cyber direct premiums written (DPW), the majority of which were for packaged policies. AIG, which had been the leading cyber writer, dropped to second with $227.6m in DPW, followed by XL Catlin with $177.9m in DPW, Travelers ($119.1m) and Beazley ($95.0 m), the report notes.

In terms of standalone cyber DPW, AIG and XL Catlin remained first and second in 2017. Chubb retained its position as the leader in packaged cyber DPW, with CNA and Hartford second and third. Almost 2.6 million cyber policies were in force at the end of 2017, compared to a little less than 2.1 million policies in force at the end of 2016.

Standalone DPW grew just 7.9% in 2017, compared to a 91.5% increase in 2016. Reported loss experience remains favourable for standalone cyber coverage, with the direct loss and DCC ratio improving to 35.4 in 2017, from 44.1 in 2016, according to the Best report.

The report concludes: “Regulation, specifically regarding data breaches, is likely to increase in the future, which, along with a greater reliance on technology, will expand insureds’ cyber exposure. This means that the coming years will provide enormous growth opportunities for insurers – as well as plenty of risks.”

Back to top button