After being battered by a rash of pandemic-era ransomware attacks, the cyber-insurance market is making a comeback. Price increases are easing, new carriers and capital sources are emerging, and businesses can now afford coverage.
According to preliminary data from insurance broker Marsh McLennan, cyber-insurance pricing increased 10% year on year in January, a fraction of the 110% annual increase reported in the first quarter of 2022. If these trends continue, prices may fall, according to Tom Reagan, Marsh’s cyber practice leader.
The reversal would come after a wave of digital intrusions that dominated the work-from-home era and forced insurers to rethink how they write policies as well as their risk appetites. These attacks also compelled their clients to implement more stringent cybersecurity measures. According to Marsh, market conditions have improved since then, with claim frequency declining in the fourth quarter of 2022 even as severity has remained high.
“What we’re left with is a very, very, very different market than what we went into two or three years ago,” said Paul Bantick, global head of cyber risks at Beazley Plc in London. “We have a mature market that has withstood a significant test.”
Cyber criminals continue to pose enormous risks. Ransomware attacks on industrial organizations increased by 87% in 2022 over the previous year, according to the US Treasury Department, while financial institutions predicted nearly $1.2 billion in ransomware-related payments in 2021. Recent high-profile breaches at ION Trading UK and a major Asian data center highlighted the grave danger posed by hackers.
Nonetheless, according to Chainalysis data, the total amount extorted from ransomware victims in 2022 fell to $456.8 million from $765.6 million the previous year.
In this uncertain environment, the cyber insurance market is poised for growth. According to a report published late last year by Swiss Re AG, insurers worldwide will write $10 billion in cyber premiums in 2021. According to the firm, that figure is expected to exceed $23 billion by 2025. According to Swiss Re, more than half of businesses have cyber policies, but fewer than 20% have policy limits that exceed the median ransomware demand.
The proliferation of cyber attacks during the pandemic’s work-from-home boom forced insurers to become more selective when writing policies. Underwriters have refined their coverage since then, and clients appear to have stronger defenses in place.
“The cyber market is evolving and will continue to evolve as threat actors change over time,” Aon Plc President Eric Andersen said earlier this month during a conference call with investors and analysts. “When you consider the cyber market today and where it’s going, I’d say insurers have actually gone back to basics.”
These modifications have paved the way for new capital to enter the market.
IQUW, a Lloyd’s of London insurance syndicate, began writing cyber policies in 2022 to “provide meaningful capital at a time when demand was high,” according to Andrew Lewis, IQUW’s lead cyber underwriter.
According to Chief Executive Officer Stephen Sills, Bowhead Specialty Underwriters Inc. began writing cyber policies in 2022 after determining that the coverage would complement its other lines of business.
“There was a relative shortage of capacity for a while,” Sills explained over the phone. “We believe that the number of claims and the severity of claims has recently decreased.”
New entrants are causing “a lot more competition,” according to Adam Lantrip, head of the cyber insurance practice at brokerage CAC Specialty. This is assisting in the normalization of rates while allowing businesses to rebuild the stack of insurance policies they use to protect themselves against an attack.
Not only are new entrants bringing more capital to the market. In January, Beazley announced the first-of-its-kind $45 million cyber catastrophe bond. The security is intended to protect against a widespread event that results in losses of more than $300 million — the type of attack that would pose a significant threat to the industry.
The issuance demonstrates how much the market has matured and how insurers are still considering how to innovate in the space.
“We want to be present in the future. “We want to be a long-term business,” said Michela Moro, regional cyber head at Allianz SA. “That has undoubtedly had an impact on how we handle the underwriting process, as well as how we try to provide support and thought leadership to our clients.”