Thinking of the cyber market in terms of peaks and valleys isn’t useful, according to Michael Shen, head of cyber and technology for the London market at Canopius. It suggests further “undulations,” he said, rather than an eventual leveling-off at this new higher level of rate.
“We are heading into a period where it is a ‘new norm’ and the prices that were charged historically unfortunately just weren’t sustainable in that they priced in infrequent but severe losses, but did not price in frequent and severe or catastrophic or catered to the sort of regulatory scrutiny we’ve seen on the class in recent years.”
Five to 10 years ago, the premium-to-policyholder ratio was higher, according to Alec Cramsie, head of London wholesale, cyber and tech for Beazley. As more policyholders entered the market, that ratio eroded, he said.
“For us to be a sustainable market, we need to have more premium in the market,” said Cramsie. “As a result of that, I think prices need to come up and stay up for the long term.”
Investors and other key stakeholders also now know “how catastrophic it can be” if appropriate balances on capacity and competition are not met, he added.
Loss inflation has predominantly driven the cyber hard market, but reinsurance also contributes, according to Anthony Cordonnier, managing director and global co-head of cyber at Guy Carpenter. The cyber reinsurance market “is incredibly condensed,” with the top 5 reinsurers writing about 70% of the market. More capacity is needed, and other players have shown interest amid positive rating and underwriting actions, but more data is needed to broaden interest.
“Just to standstill, we probably need about 20% to 30% more capital every year, just as a market,” Cordonnier said, adding that higher demand and concern around cyber risk are “compounding the effects of that inflationary pressure.”
For buyers, attaining coverage has become more complex than ever, with many not making the cut, according to Shannan Fort, partner for financial lines and cyber at McGill & Partners, who moderated the panel.
“I think we are seeing more -- more than I’ve seen in my career -- clients who have just been unable to get to that point. It’s a bit disconcerting to see that happen for the first time,” she said.
However, insurers on the panel said the cybersecurity hygiene asks of buyers are meant to be achievable and “relatively simple” to implement.
“We want it to be this virtuous circle where we can underwrite risks that have better risk controls and provide data back to them around how they might improve … from what we’ve seen, 90%-plus of the risks that are being asked to make these controls are able to do so,” said Shen.
“As long as there’s a market, there will probably be a home for most people seeking insurance,” said Cramsie. Insurers have a variety of appetites, he added, and no choices would indicate a “shrinking and disappearing” market.
“Arguably, I think some of us might say we are a bit too close to that for comfort already,” said Fort. She questioned how all parties can work together to keep the market sustainable.
Understanding systemic risk is key, said Cordonnier. Demonstrating the industry’s resilience to realistic disaster scenarios like a massive cloud outage or widespread malware infection
“These are issues that can be solved through underwriting and rating actions, but we’ve not had a true CAT year yet,” he said. Even 120% loss ratios are “nowhere near as bad” as a bad year in catastrophe-exposed lines could look.
“We need to demonstrate value. If we can drive the conversation away from price and more towards what you get out of being with that insurer and the sort of insights you get and that feedback loop, hopefully we can have a more sustainable market going forward,” said Shen