Cyber premiums soar as market hit by double whammy

As delegates arrived in Liverpool for the AIRMIC conference, a new report from broker Howden has revealed that higher loss frequency and severity from ransomware have caused such an extreme supply-demand imbalance in the cyber insurance market that today’s average cost of cover has more than doubled in a year.

The broker has today released its second annual report on cyber insurance, titled “A Hard Reset 2.0”.

The report looks at developments that have shaped the market in the past year – including ransomware trends and vulnerabilities, risk aggregation, the Ukraine war, economic sanctions and the spectre of cyber warfare – and assesses how the insurance market has performed through this period of flux.

It said publicly available data illustrates why the price has leapt. With the annualised number of global ransomware incidents up 235% in 2021 compared to 2019 and average US ransom payments rising by 370% over the same timeframe, insurers are redrawing pricing and exposure strategies.

It added having hit a peak in the second quarter of 2021, there was a moderation in the number of ransomware incidents towards the end of the year with this trend continuing into early 2022.

Shay Simkin, global head of Cyber, Howden, explained the issues are twofold.

“Market conditions remain difficult, but two potential tailwinds may help companies and insurance carriers as this year progresses,” he said. “The first is off the back of more favourable ransomware trends following underwriting and risk management actions taken in response to increased ransomware frequency and severity. Companies are more resilient to ransomware attacks today than they were this time last year.

“The second, the war in Ukraine, is a lot more unpredictable, but it appears the conflict has so far dampened cyber frequency further as both warring sides focus their efforts on conventional warfare. This could of course change in an instant – for example, a ceasefire, a large-scale cyber attack, pressure on Russia’s government to find new revenue streams as economic sanctions bite – but for now insurance claims are down compared to last year. All of which raise important questions around the prioritisation and efficacy of cyber operations during wartime.”

Howden warned the way these dynamics play out for the rest of 2022 “will be instrumental in shaping the pricing environment”. For the best part of a year, cyber has experienced the most extreme rate increases across the entire insurance market, as reflected by Howden’s real-time, global cyber insurance pricing index, which includes average year-on-year rate movements, dating back to 2014 its added The last two full quarters (4Q21 and 1Q22) saw average annualised increases in excess of 120%, according to Howden data.

“The last year has been characterised by price corrections, contracting capacity and restrictive terms – classic hard market territory,” said David Rees, executive director, Howden. “Whilst the value of cyber insurance continues to prevail for the vast majority of buyers, pricing is now approaching the limits of economic viability for some. Compounded increases from here are not sustainable, which, assisted by the more favourable claims environment that appears to be manifesting this year, is likely to moderate or even stabilise pricing. Improved insurer performance should also help attract new capacity into the market.”

The report said cyber continues to live up to its dynamic reputation. Just as companies and insurers have been adjusting to the new reality of ransomware, the war in Ukraine brings uncertain implications, both within and beyond the conflict zone. The array of groups operating in the cyber battlefield complicates distinctions between state-sponsored attacks and those carried out by non-state actors. Whilst the conflict appears to have reduced cyber frequency in the near-term as both warring sides (which host some of the worst offending ransomware gangs) refocus their efforts, the situation remains highly volatile and a lot can still change.

“The applicability of sanctions and ransom payments is also under scrutiny,” said Howden. “Even if ransomware incidents return to their pre-war trend, any potential Russian-linked ransom payment claim could be prohibited by economic sanctions. The scope of cyber coverage and war exclusions have also been the source of considerable debate since the start of the conflict.”

While resilience is important the report warned even the best prepared companies cannot eliminate the risk of a successful attack entirely.

“Insurers are reacting to fast moving risk developments, which in turn is driving a rigorous insurance placement process that involves deep scrutiny of clients’ cyber control,” said the report. “Questionnaires are more detailed and demanding – the scope is far more technical in nature than last year and new questions are appearing on a regular basis. There is unlikely to be any let up in insurers’ probing of cyber security any time soon. Preparation and timing are therefore paramount in this market, and companies need to anticipate a prolonged and meticulous placement process.”

On the plus said the report said the ingredients for a more mature cyber market are now in place. “Hardened cyber defences have left companies less vulnerable to prolonged disruption in the event of an attack or breach, and the cost of cover is now more commensurate with loss costs.”

Follow us on twitter: @risksEmerging

Twitter feed is not available at the moment.