State of the Cyber Insurance Market

Beginning 2016, a spate of cyber incidents affected global businesses, drawing unprecedented attention to this peril. From NotPetya to WannaCry, ransomware and malware attacks created havoc for businesses, causing huge losses. These attacks proved to be globally contagious, infecting organizations across tens of countries.

Ransomware attacks, where hackers steal e-files and demand money in return, have mushroomed this year. Ransom payment rose from $41000 in Q3’19 to $234,000 in 2020. Cyber insurance startups such as Coalition saw soaring demand for services. Annualized premium doubled from a year ago. Insurance covers range from ransomware attacks to getting overcharged on a large online expense.

To cover $1 million in potential damages, premiums could be $1500-$3000 a year at Coalition. To evaluate a potential client’s risk, they electronically scan the company’s devices.  Once covered, they scan thousands of times during a week.

In 2019, cyber premiums rose 11% year-on-year to $2.26 billion in the US, with top ten insurers accounting for 69% of direct written cyber premiums. Along with premium growth, the industry saw ransomware attacks rise during the year, loss ratios rising to 45% from 38%.

Three cybercrime risks top the trends: data theft, attacks using ransomware Trojans, and fraud with forged business emails. Cyber experts have depicted loss potential for insurance companies across  broad threat radars such as the one below.

Market surveys show demand for cyber insurance exceeds available capacity, accumulation risk being a deterrent. Cyber is a relatively young and evolving threat with a short history of claims experience. The threat is inherently scalable – a single malicious email can reach millions with a mouse click. Assessing the Probable Maximum Loss (PML) from a peril for this systemic risk is a key determinant to set risk appetite and an ongoing challenge. Carriers are compelled to assume their entire limit is at risk from a single event, constricting capacity and efficiency of risk-capital utilization. Besides, there may be hidden cyber exposure within existing coverages.

With the difficulties of measuring exposure comes the other challenge of assessing claims cost. Unlike natural catastrophes, cyber episodes endlessly adapt and recur with alarming frequency.

To address these shortcomings and improve exposure measures, insurers are actively collaborating to reduce loss margin through better quantification and accumulation risk modelling, smarter tools and data analytics. Data protocols are emerging that combine company info with digital risk indicators e.g. patching frequency and backup procedures.

In 2016, Lloyd’s established a schema for cyber exposure data, a standard for key features of input data in cyber risk tools and attributes. Lloyds has around 77 cyber insurers, assuming a quarter of global cyber risk market share with most business from the US. In one of the 2020 cohorts of Lloyds Lab, Kovrr developed an easy-to-use open framework to measure and understand catastrophic risk exposure. CRA-Zones framework defines minimal elements to provide a view of cyber risk aggregations. It groups cyber risk in a zone based on three elements: geography, industry and entity size.

MAPFRE RE uses Kovrr products to further capabilities for assessing accumulated cyber risk exposure in their treaties.

Hiscox and Chubb use technology from cyber risk analytics company CyberCube to generate insight on systemic cyber risk across their commercial portfolios. Using Portfolio Manager, stress tests run on its book of global commercial insurance business against a range of cyber-related catastrophe scenarios, such as cloud outages and global ransomware attacks. Risk modelling platforms let market participants bolster accumulation risk management and exposure management.

Cyber insurance is fertile opportunity to meld risk mitigation and transfer, where carriers support impacted companies to get back on their feet while also aiding reduction of cyberattack frequency and severity. The next few years may see this come to fruition, with insurers helping augment cybersecurity hygiene and curtail the cost of cyberattacks.

Cover Image Credits

You get 3 free articles on Daily Fintech. After that you will need to become a member for just US$143 a year (= $0.39 per day) and get all our fresh content and our archives and participate in our forum.

Start the conversation at Daily Fintech Conversations