Peter Zaffino, CEO of AIG, is the latest insurance industry leader to clearly rule out any softening in the cyber insurance market, as carriers continue to re-underwrite a business line that is suffering ever-greater and difficult-to-forecast losses.
Mr Zaffino told German insurance managers gathered for the virtual GVNW Symposium during his presentation on Thursday evening that this currently tough market is here for some time yet.
This follows comments from Munich Re earlier in the week that, while it is keen to increase its share of the cyber market, it would be firmly based on careful risk selection, higher prices and improved loss prevention and risk engineering standards.
Mr Zaffino said cyber is not like more traditional risks such as hurricanes. He pointed out that when a hurricane damages a building, it can be rebuilt to withstand future winds. The wind does not look for alternative ways to get in the building and wreak havoc. “That is cyber,” he commented.
AIG seriously reduced its limits on offer for cyber as prices soared back in 2019. Mr Zaffino has consistently defended the insurer’s stance in a market that has changed dramatically in recent times, because of the rise in ransomware attacks and realisation of the potential scale of the systemic risk.
“I am asked during every earnings call, will rates accelerate or slow down? It is an impossible question because it depends on profitability, form of terms and conditions… cyber is not a probabilistic line of business it is more deterministic. You have to understand the industry, segment and risk… to apply a rate on line. It’s in the eye of the beholder. The [cyber] market we are in, we should be prepared to be in for a while,” added Mr Zaffino.
Aleander Mahnke, chairman of the GVNW, politely reminded Mr Zaffino of the difficult position that the sudden loss of cyber capacity and spiralling rates (as with D&O) had put customers in during recent renewals. Mr Mahnke has consistently reminded the market that it was not long ago that carriers such as AIG were falling over themselves to offer cyber cover at a very affordable price.
Mr Zaffino honestly conceded that during the height of the recently ended long soft market, AIG, along with most other leading carriers, basically lost control of underwriters and was offering excessive limits without really recognising the underlying loss costs. The return to a more realistic and stable underwriting approach – albeit with reduced limits and higher prices – is actually good for everyone in the market, he suggested.
“Cyber, you could get capacity everywhere because there were no losses… but understanding the systemic risk of cyber is impossible. You need to protect yourself against frequency and severity, the management of the risk has to be very judicial and you have to understand you cannot protect everything. If you get hurt by not understanding, it then you cannot be consistent for clients,” said Mr Zaffino.
The AIG CEO added that in his view, there will not be excess capacity returning to the cyber marker anytime soon, if only because of reduced appetite for the loss-ravaged line among leading reinsurers. “I don’t see the market changing from today,” he added.
Mr Zaffino’s remarks at the GVNW Symposium came days after Thorsten Jeworrek of Munich Re clearly stated that, while the reinsurance giant will remain a leader in the cyber market, there needs to be a sharper focus on loss prevention and risk engineering, and that cheap capacity is not the answer.
Demand continues to rise for cyber cover but Munich Re clearly sent the message that customers need to think differently about this business=critical risk.
“Given the great economic significance of cyber risks, the demand for cyber insurance, which requires special expertise owing to the dynamic development of the risks, is increasing appreciably,” stated Munich Re.
“The boost to digitalisation triggered by the coronavirus lockdowns has led to a dramatic rise in cyberattacks, which are also becoming increasingly sophisticated. Claims from so-called ransomware attacks have seen a particularly significant surge – a trend that is likely to continue,” added the reinsurer.
Munich Re said that given the rising number of losses, prices for cyber insurance have “burgeoned”, and risk carriers have limited their capacity. It said the demand for insurance and service solutions is “huge” and many companies are concerned about the rise in cyberattacks. At the same time, four out of five top managers interviewed in the first Global Cyber Risk and Insurance study conducted by Munich Re admitted that their companies had insufficient protection. Hence, the need for a new approach to this line.
“To do justice to the dynamics of the risk and constantly changing trends, Munich Re is further expanding its network and partnerships. Munich Re’s own expertise in modelling cyber risks is being honed further, thanks to its access to data and technologies. In collaboration with clients, solutions are being drafted that go far beyond traditional approaches and comprise not only customised cyber coverage but also services to prevent and cope with attacks (also referred to as pre- and post-incident services). The inclusion in insurance covers of such consulting services geared to limiting losses is becoming increasingly important, particularly given the growing number of ransomware attacks. This will raise cybersecurity standards and make risks more insurable,” explained Munich Re.
And there is no hint whatsoever of a softening in this market, according to Munich Re’s statement.
“Thanks to stringent risk selection and a balanced portfolio, Munich Re has kept the rising ransomware losses in its book of business readily manageable. In addition, price increases in a hardening market environment are producing a stabilising effect. Munich Re is adhering to its plan to grow profitably, based on a current market share of roughly 10%,” it stated.