Cyber insurance pricing climbs as Covid-19 increases risk and demand
The cost of cyber insurance is rising as losses mount, capacity shrinks and demand grows following Covid-19.
Cyber insurance rates are on an upward trend, particularly for large companies, according to Alessandro Lezzi, international cyber and tech leader at Beazley. Changes in the market are largely driven by increased losses from ransomware attacks and a reduction in cyber insurance capacity, he explained.
“With silent cyber, insurers have been doing their homework and see that cyber can trigger other lines of business. As a result, some are allocating some cyber capacity to other lines, leaving less capacity for standalone cyber insurance,” he added.
The cyber insurance market is hardening, said Mark Camillo, head of cyber for AIG in EMEA. “We are seeing rates going up and many carriers putting up smaller limits. Demand for the coverage is still strong and many companies are making trade-offs, such as higher retentions, in order to get the coverage and terms needed,” he said.
Claims have been increasing at a rapid rate, according to Mr Camillo. “Ransomware is the main driver behind the severe losses over the last 18 months. Data breach claims are still occurring but the liability has been slower to develop versus the first-party losses attributed to ransomware,” he said.
“Given both the frequency and severity of claims across all industries, we expect the market to continue to harden, with double-digit rate increases extending through 2021,” said Mr Camillo.
“Companies that are able to demonstrate higher levels of cybersecurity maturity should still be able to get better terms as carriers focus on security controls and loss-prevention services,” he added.
During the past three years, there has been a spike in cyber losses with ransomware a big driver, explained James Bullock-Webster, head of tech, media and cyber at specialty broker New Dawn Risk. “The frequency of these attacks has continued to increase, but the severity of each attack has grown exponentially. Fewer insurers are prepared to write primary business, with some carriers retrenching to excess positions and limiting their line sizes,” he said.
Anecdotal evidence suggests that cyber insurance loss ratios have risen from 30% to 40% a few years ago, to nearer 65% to 70% today. “With an ever-evolving threat landscape, underwriters are unsure how to price new business and are likely to take a cautious approach, meaning rates will rise,” said Mr Bullock-Webster.
The cyber market has so far avoided the size of rate increases seen in other financial lines, but Covid-19 could prompt further hardening going forward, according to Tom Malcolm, head of UK cyber at New Dawn Risk.
“Unlike the rest of the specialty market, cyber seems to have staved off the hardening… However, post-Covid we may see a reduction in the availability of capacity and the subsequent hardening,” he said.
Coronavirus could well lead to an increase in cyber exposure. Growing connectivity and remote working make it easier for hackers to infiltrate a computer systems at a time of already rising ransomware attacks and ‘business email compromise’ attacks, explained Mr Lezzi. Companies can expect underwriters to ask more questions around IT security, as well as an organisation’s culture and approach to Covid-19, he said.
The Beazley Breach Response team has seen early signs that home working may be contributing to a growing frequency of incidents. While it is early days, claims were elevated in the summer compared with the same period of last year, said Mr Lezzi.
Moments of crisis present the perfect opportunity for cybercriminals to strike as people are distracted from cyber resilience, according to Tiago Dias, cyber consultant at FM Global. “Covid-19 is a classic example of this and it has been well reported that the number of cyberattacks has shot up during the pandemic,” he said.
A huge number of employees are working from home, using untrusted environments and personal devices to connect to corporate services. Home working can also put a strain on existing digital infrastructure, which in turn can trigger significant vulnerabilities. The pandemic can also impact an organisation’s ability to respond to a cyber incident, Mr Dias pointed out.
“With less standardisation regarding computer systems and Wi-Fi networks, there is greater potential for cyber threats as the attackers have more avenues to probe. In turn, this could lead to employees being hacked, providing access for cybercriminals to exploit,” he said.
Cyber insurers anticipated a flattening or reduction in demand for cyber insurance, which is still a relatively new line of insurance for companies to purchase. However, demand increased as companies became increasingly aware of the perceived risks of remote working, explained Mr Lezzi. “We have seen demand increase across the industrial and mid-market as more companies look to buy cyber insurance in the UK and Europe, and to an extent in Asia and Latin America,” he said.
But interest in cyber insurance peaked mid-lockdown and has since calmed down, according to Dawn Risk’s Mr Malcolm.
FM Global is seeing a trend whereby companies try to build separate, standalone cyber programmes that sit alongside their property programme. This is driven by the tendency of some property carriers and reinsurers to exclude cyber from their policies, among other trends, according to Mr Dias.
“However, programmes arranged in this way often end up exposing some critical gaps across the two programmes, especially in respect of resulting physical loss or damage from cyber events, which could be excluded in both policies. The gaps in cover can be exacerbated by the lack of understanding of the exposure, resulting in limits that are often inadequate,” he warned.