In the new Best’s Market Segment Report, “Cyber Insurance: Profitability Less Certain as New Risks Emerge,” AM Best notes that growth has slowed significantly from 2016-2017 when direct premiums written grew by more than 30% annually, as the cyber threat landscape has expanded and the awareness of the risks have increased. Protracted litigation has demonstrated that cyber attacks can have a longer tail than expected, underscoring the importance of managing so-called silent cyber. Additionally, the frequency and severity of ransomware attacks have escalated, as have data breaches and kidnaps in the health care industry. Given the similarities between a pandemic and a cyber attack, the large-scale global economic and societal disruptions caused by COVID-19 should cause insurers to rethink and enhance their stress testing and focus on greater clarity in their insurance contracts to set transparent expectations for themselves and their clients.
Highlights from this year’s report include:
Standalone cyber policy premiums were up by 14% in 2019, notably outpacing the 7% growth in packaged cyber policies and highlighting organizations’ escalating concerns about cyber risk and their strategic choice to purchase policies solely for cyber risk protection;
The total number of claims has doubled since 2017 to approximately 18,000 in 2019, which could create a pricing issue if rates cannot keep up with the rising frequency. Moreover, standalone direct paid loss and defense and cost containment rose for a third straight year, to 32.5% in 2019 from 23.1% in 2018;
Chubb INA Group remained the top cyber insurer in 2019, ahead of XL Reinsurance America Group (AXA XL) and American International Group, with $356.9 million in cyber direct premiums written, of which nearly all were for packaged policies; and
Hartford Insurance Group again held the most cyber policies in force at year-end, with 543 million.
The report notes that AM Best’s market figures likely are understated given lack of standardization in cyber policies and reporting, as well as a considerable usage of captive and surplus lines insurers to write cyber coverage.
Insurers are making greater efforts to provide clarity and explicitly exclude cyber coverage in non-cyber policies, to diminish or eliminate silent cyber exposures. Clients and businesses are also becoming more sophisticated and want separate cover for cyber, as they do not want other risks (e.g., directors and officers, property) to eat into their aggregate coverage. AM Best believes that comprehensive risk management practices will help prepare for unexpected shocks when they occur.
To access a copy of this report, please visit http://www3.ambest.com/bestweek/purchase.asp?record_code=299463.