The cyber insurance market is on the cusp of potentially transformational growth, however major challenges remain.
Broker Howden has issued its third annual report on cyber insurance, titled Coming of Age, which reveals that the size of the market could reach $50 billion by 2030.
However it cautions whilst that the foundations are in place for the cyber market to scale up, the realisation of this potential is tied to three key factors: distribution, tail-risk management and attracting capital.
The report added following a major market correction off the back of surging ransomware claims in 2020 and 2021, which led to the cost of cyber cover more than doubling, conditions started to stabilise last year as activity relented and more robust risk controls deterred or mitigated attacks.
“But cyber rarely stands still, and developments in 2023 point to a nuanced marketplace, with optimism around more favourable supply dynamics for insurance buyers, off the back of improved underwriting performance for insurers, tempered by resurgent ransomware activity, ongoing concerns about potential systemic losses and capital availability,” the report added.
Howden said the first half of 2023 saw a significant rise in ransomware attacks, but disclosures from a number of carriers in the first three months of this year suggest this has not (yet) been accompanied by a corresponding rise in claims. This points to the efficacy of risk controls in making companies more resilient and supporting a more stable cyber insurance market. Conditions are now relenting, and buyers that have the correct risk controls in place are being rewarded with more favourable pricing and terms.
This puts the market on a sound footing for growth, but the report shows that more work need to be done if it is to meet the growing demands of clients worldwide. By overcoming potential limitations around systemic risk, penetration and capital, the cyber insurance market has an unparalleled opportunity to grow.
The introduction of new war language has been contentious, but the broker said clients are increasingly recognising the importance of proactively scoping out the parameters of cover for cyber warfare, both for their own benefit such as minimising the potential for coverage disputes, and for providing underwriters and investors with the confidence needed to commit to the market.
Sarah Neild, head of UK Cyber Retail, said: “Getting this right is crucial for the sustainability of the cyber market. By providing a framework designed specifically for cyber’s unique risk profile, clients will be offered more certainty around the parameters of cover and what is insurable and what is not. The process of defining the limits of cover specific to cyber acts of war will help to fulfil the potential of this market, but only if the clauses are fit for purpose and clients’ needs are met.
“With one of the largest global reinsurers steadfast on the application of their war language, wider adoption seems inevitable, despite carriers’ disparate views on what adoption should look like. Increased uniformity on this topic would ultimately help the market secure relevance for the long term.”
The report added pricing increases in recent years, from 2020 onwards especially, have driven the growth of the cyber insurance market, but these tailwinds for insurers are now unwinding or even reversing in certain areas. Whereas annual rate increases of more than 100% were recorded during the first half of last year, the corresponding period in 2023 has seen flat renewals or even decreases in recent months as pricing has come off historical highs.
Dan Leahy, Associate Director, at Howden added: “Having navigated the early phases of development that often come with new, fast growing lines of business, the cost of cyber insurance is now more commensurate with loss costs following the recent correction. Whilst the first half of 2023 has seen pricing decline, the sustainability of this trend remains uncertain given the pervasive threat environment.
“Rates nevertheless cannot be relied upon to drive market expansion to the extent that they have recently, requiring ambitious plans for exposure growth. Penetrating new territories and company demographics is therefore pivotal to realising the full potential of cyber insurance.”
Although risk awareness is growing across the board, cyber insurance essentially remains a large corporate market currently, and work needs to be done in engaging with smaller companies especially. In France, for example, of the premiums paid for cyber insurance in 2022, 85% came from large companies. The remaining 15% coming from mid-sized companies and SMEs, but were responsible for a disproportionate share of reported claims.
The direct market’s use of reinsurance is the single biggest differentiator between cyber and any other class of business, the report continued. With approximately 45% of cyber premiums ceded to reinsurers currently, broad capacity constraints and price corrections in the reinsurance market present potential limitations.
If the cyber market is to scale up to rival other major lines of business, cyber reinsurance supply will need to increase significantly in order to meet demand between now and 2030 Howden explained. Whilst cyber reinsurance premiums are currently in the range of £6 billion, they would need to increase more than three times over in order to fulfil growth expectations by the end of the decade. Such high levels of growth would be ambitious during favourable market conditions, let alone when supply is as constrained as it is currently in the reinsurance market.