Cyber market under pressure as broker warns of tough 2022

Underwriting, limits, price and coverage are set to blight the cyber insurance market in the year ahead according to a new report by broker Marsh.

Launching its UK Cyber Insurance Trends Report for 2021, at the AIRMIC annual conference in Liverpool the broker warned the rapid changes witnessed in recent years show little signs of slowing.

“The cyber insurance marketplace has witnessed unprecedented changes in the past two years that have had a significant impact on both clients and insurers and how they perceive and evaluate cyber risks,” said the report. “The London cyber market continues to grow, with companies domiciled in different parts of the world purchasing cyber coverage.

“Some have had long-standing relationships with London-based insurers while others — mainly large organisations with sophisticated risk transfer programmes — want to further diversify their programmes. Other buyers are purchasing cyber insurance from the London market to increase their capacity.”

Marsh added in last year’s edition of the report, it noted that the pandemic had accelerated the adoption of digital technologies among clients, which, in turn, prompted a re-evaluation of digital risk exposures.

“Through the remainder of 2021, the technology-adoption trend continued and cyber has remained a prominent issue on the risk registers of organisations,” it added. “At the same time, the frequency and severity of cyber claims — particularly cyber extortion claims — has continued to impact insurers.”

As such Marsh said insurers have responded by restricting cover and significantly increasing pricing and so clients have experienced a rapidly firming market.

“The cyber insurance market is now focusing on addressing systemic risks within the cyber portfolio. But efforts to tackle this with exclusionary language have caused further frustration for clients,” Marsh added. “The Russia-Ukraine conflict, which is ongoing at the time of writing, is also creating significant concern that cyberattacks would intensify as the crisis deepens.

“The cyber risk landscape remains complex. As existing risks evolve and new ones emerge, trends in cyber insurance have shifted in the past year.”

The report said insurers are focusing on the controls that organisations have in place to improve their cyber resilience such as MFA, cyber incident response planning and digital supply chain risk management.

Increased technology adoption and the associated heightened cyber risk has led to a significant increase in insurance buying by power and utilities and manufacturing companies, the report added. Purchasing by more traditional buyers, such as retailers and financial institutions, has declined mainly due to capacity reductions and higher rates.

Average limits have also fallen as market conditions deteriorate. The aviation sector, including airlines, airports, and aviation manufacturers, experienced the most significant limit reductions, a drop of 19%, from a £120 million average in 2020 to £97 million last year, while limits in communications, media, and technology (CMT) were down 15%, from a £97 million average in 2020 to a £82 million average in 2021.

Data breach and ransomware incidents continued to be the most common type of cyberattacks in 2021. Although data breach attacks have witnessed a slight decline, ransomware events increased again in 2021. The healthcare industry, CMT companies, and financial institutions are driving cyber losses, accounting for 58% of losses between 2015 and 2021.

“Increased pricing for cyber coverage, lowered capacity, and more stringent underwriting have become consistent trends across the past couple of years and continued to affect insureds’ cyber programmes in the first quarter of 2022,” Marsh added. “As we look ahead at the rest of the year, we expect to see the cyber insurance market affected by four major trends: underwriting, limits, price and coverage. “

In terms of underwriting Marsh said the conflict in Ukraine is already sparking new questions and exclusions from underwriters as they seek to understand insureds’ possible exposure to the potential cyber aspects of the conflict.

“We are also seeing more insurers hiring technical cybersecurity specialists and engage in outside-in scanning. Insureds are also being asked to provide more technical details on controls during their submissions,” the report added. “Further, the placement or renewal process may require increased involvement from an insureds’ chief information security officer.”

In terms of the pressure in limits the report said underwriters are expected to continue operating with limited capacity through 2022 and will likely, therefore, continue to deploy capacity in the $2.5 million to $10 million bands. There are several new entrants in the market, increasing capacity by around US$20 million.

The report said rate increases for cyber polices have continued for over 12 months, intensifying in Q3 and Q4 of 2021. Given that buyers have seen significant pricing increases for the 12-month cycle up to the second quarter of 2022, some flattening of pricing is expected in the third quarter of 2022. We expect to see underwriters continue to use data and target industries that align to their appetites. This will likely lead to greater diversification of pricing by industry vertical and between insurers.

“War exclusions in cyber policies were already heavily debated, with the London Market Association publishing their model exclusions in December 2021,” added the report. “The Russia-Ukraine conflict has brought the topic into an even sharper focus for all parties, and the complexity of the issue means this will likely remain contentious throughout 2022.

“In addition, considerations around industry catastrophic events such as cloud providers, common vulnerabilities and exposures, operating systems, infrastructure, and war are widely recognised as the next big topics that the market needs to tackle.”

Follow us on twitter: @risksEmerging

Twitter feed is not available at the moment.