With the cyber risk hazard environment—ransomware, business interruption and aggregation—worsening significantly, prospects for the U.S. cyber insurance market are grim, according to a new AM Best report.
The Best’s Market Segment Report, “Ransomware and Aggregation Issues Call for New Approaches to Cyber Risk,” notes that cyber insurance, which began as a diversifying, secondary line and another endorsement on policies, is now a primary component of a corporation’s risk management and insurance purchasing decisions. Consequently, according to the report, insurers urgently need to reassess all aspects of their cyber risk, including their appetite, risk controls, modeling, stress testing and pricing, to remain a viable long-term partner dealing with cyber risk. Challenges the cyber insurance market are facing include:
- Rapid growth in exposure without adequate underwriting controls;
- The growing sophistication of cyber criminals that have exploited malware and cyber vulnerabilities faster than companies that may have been late in protecting themselves; and
- The far-reaching implications of the cascading effects of cyber risks and the lack of geographic or commercial boundaries.
Standalone cyber insurance policies, up 28% in 2020, have seen a higher rate of growth compared with packaged policies, which indicates organizations’ escalating concerns about cyber risk. Frequency on standalone policies also has increased faster also the last three years than for packaged policies. Hackers are becoming more sophisticated in their attacks and moving toward larger targets. The report also notes that hackers’ motives also appear to be changing as well, from stealing identities (third-party claims) to shutting down systems for ransom (first-party claims). Total claims rose 18% in 2020 owing strictly to first-party ransomware claims, which were up 35% in 2020 and now account for 75% of cyber claims. “The recent Colonial Pipeline hack—for a multi-million dollar ransom—is an example of first-party claims that have become so prevalent,” said Christopher Graham, senior industry analyst, AM Best.
The loss ratio for cyber insurance rose dramatically in 2020, to 67.8%, from 44.8% in 2019. However, the increase was not limited to just a few insurers—the loss ratio rose for 15 of the 20 largest cyber insurers.
“The rate increases for cyber insurance outpaced that of the broader property/casualty industry, but the increase in cyber losses outstripped the rate hikes, which suggests more trouble for 2021 as ransom demands continue to grow,” said Sridhar Manyem, director, industry research and analytics.
Although AM Best views the industry as being well-capitalized, individual insurers that venture into cyber risk without a thorough understanding of the market can find themselves in a vulnerable situation. “An insurer whose risk management approach is deficient can find itself subject to accumulation risk beyond its tolerance and could face ratings pressure,” said Fred Eslami, associate director, AM Best.
To access the full copy of this market segment report, please visit http://www3.ambest.com/bestweek/purchase.asp?record_code=309212.