Cyber insurance has been profitable for US property/casualty (P/C) insurers for several years, but recent growing losses tied to network intrusions, phishing incidents and denials of service will likely increase claims volume and average cost per claim going forward, Fitch Ratings says.
However, a negative rating action tied to underwriting losses related to a cyber incident is unlikely, despite recent weaker cyber insurance underwriting performance. Cyber is less than 5% of most companies’ premium mix, with market share held by larger, well-capitalized insurers that cede material portions of the business to reinsurers.
Continued growth in cyber intrusions and ransomware events may pressure the durability and long-term profitability of the cyber insurance market and insurers’ internal management of cyber threats. Growth of risk exposure and rising claims losses have elevated the P/C sector’s standalone cyber direct loss and defense and cost-containment expense ratio to 73% in 2020 from an average of 42% for the previous five years (2015–2019).
The market saw sizable rate increases and tighter terms and conditions in 2021, as some larger writers of cyber insurance reported deteriorating loss experience. Underwriting and pricing of cyber coverage are challenging due to limited historical policy and claims experience; companies with greater market share and a longer history in cyber have an informational advantage and have fared better than smaller-sized peers.
Favorable pricing momentum is expected to continue in 2022, according to The Council of Insurance Agents and Brokers’ (CIAB) 2Q21 P/C Market Survey, which indicated rising cyber renewal premium rates over the last 18 months, including a 25% increase in 2Q21. However, continued unfavorable claims experience points to higher cyber loss ratios in 2021. Earned premium growth from recent pricing actions will help stabilize results for 2022.
Ransomware events increased by over 400% over the past two years, according to CrowdStrike Holdings, with the IBM/Ponemon Institute estimating the average total cost of a ransomware breach at $4.62 million.
Fitch’s recent webinar on cyber risk discusses evolving risk exposures and underwriting activity in the segment.