In common with the wider market, American International Group (AIG) has said that it plans to tighten its cyber insurance terms and conditions.
In a conference call with analysts, recently installed CEO Peter Zaffino (pic) said: “We continue to carefully reduce cyber limits and are obtaining tighter terms and conditions to address increasing cyber loss trends, the rising threat associated with ransomware and the systemic nature of cyber risk generally.”
The move by AIG typifies a wider market sentiment to ensure a greater degree of control over possible cyber exposures after a torrid first half experience, which has seen a number of high profile ransomware attacks on private and public entities globally.
AIG is far from alone here. Reporting its first half results, carrier Hiscox drew attention to significant changes to its cyber offering, as it responds to an increased frequency and severity of cyber claims.
According to Hiscox, the claims have been witnessed across a number of markets, particularly in the US region, impacting both Hiscox USA and Hiscox London Market:
“We saw early signs of this emerging trend three years ago and have been undertaking portfolio actions since 2019. We have adjusted the Group’s cyber risk appetite and implemented corrective actions including repricing, focusing on customers with lower revenues in Retail and writing at higher excess levels in London Market.”
Significantly, it said it is introducing changes to its cyber product offering. For example, in the USA, it has added new features such as co-insurance and a sub-limit for ransomware.
Ransomware is a type of malware that threatens to publish data or perpetually block access to it unless a ransom is paid – and it is a huge issue for business at the moment, with a spate of high profile ransomware attacks hitting the headlines in recent months.
The attack on Colonial Pipeline is perhaps the most significant in a series of similar cyber-attacks from sophisticated criminals, with other targets including meat producer JBS; Toshiba; Axa Insurance; CNA Insurance; and the Irish Health Service.
In the case of Colonial Pipeline significant disruption was suffered by the US East coast energy infrastructure network, and Colonial ended up paying a $4.4 million ransom – though reports have suggested that with the help of US federal agencies $2.3 million of the cryptocurrency demand was subsequently recouped.