US cyber liability hard market here to stay as claims keep rising, says Best

The hard US cyber liability market is here to stay, according to AM Best, with claims increasing and loss ratios seeing just minor falls. Ransomware attacks, aggregation risks and social engineering scams remain critical challenges for the industry, says the ratings agency. In a report, US Cyber: The Hardest of the Property/Casualty Markets, Best says direct written premium for the US direct cyber market grew by 75% in 2021, but the loss ratio on standalone polices declined only 10%. Best says this suggests that increases will continue through 2022. “Cybercrime generated significant headlines throughout 2021,” said Christopher Graham, senior industry analyst, AM Best. “These attacks underscore the urgency of addressing cyber threats, which require brokers, underwriters, managing general agents and customers to work together, along with some legislative and regulatory involvement. The rising frequency and severity of ransomware attacks suggest that insurers need to be more proactive.” Ransomware is the main challenge, and questions have been asked as to whether insurers should pay ransomware, as it may encourage bad actors. But Best points to an audience poll conducted at Best’s Review & Preview Conference in March 2022 that found the majority of respondents said ransomware should be covered because it is an important value for the clients. Best says the rising frequency and severity of ransomware attacks suggest that insurers need to be more proactive with their clients’ cyber risk profiles to prevent these incidents. It says a requirement that insurers break out cyber metrics in their financial statements would lead to improvements in pricing and reserving. “Global regulators, along with the NAIC, should consider requiring that insurers break out cyber metrics in their financial statements, which will do much to improve accuracy and consistency of these metrics,” said Fred Eslami, associate director, AM Best. “It will also enable stakeholders to analyse trends and profitability, and to develop best cyber practices for a healthier marketplace.” Despite the ongoing growth in cyber claims in 2021, cyber insurers’ underwriting performance still improved, due largely to strong rate increases, which exceeded 30% in the fourth quarter. The segment also benefited from an overall decrease in cost-containment expenses. The report notes that some of the cyber growth is being driven by the overall hardening of commercial insurance prices, owing to inflation fears and a general weakening of the investment market. Standalone cyber direct premium grew by 95% in 2021, increasing to the point that it exceeded all 2020 cyber premium combined (standalone and packaged). In the past, the majority of cyber-related claims were on packaged policies but, according to the report, claims on standalone policies are now the majority – and growing. It says standalone policies are more often subject to claims, given that more sophisticated clients with more data and financial resources typically purchase these policies. Chubb is the largest writer of cyber insurance by premium in the US, followed by Fairfax and XL Reinsurance America. Best says Berkshire Hathaway’s acquisition of Alleghany will place the combined group among the top ten cyber writers, and says that Hartford writes the most cyber insurance policies. With cyberattacks becoming more complex, Best says it expects the cyber market to remain hard for some time, noting that the hardening market and a lack of capacity have also made captives an attractive risk management option for corporations. The report says cyber risk modelling is improving as more data becomes available but adds that the models “are not anywhere close in maturity to natural catastrophe models, such as those for hurricanes”. “In addition, there has not been a real world test of these models, which makes validating them a challenge,” it adds.