Cyber insurance is a once niche product that is now firmly part of the underwriting mainstream, representing a risk management response to one of the most important emerging threats that business have to contend with.
And threat it most certainly is: only this week it emerged that the ransomware plague which has affected so many public and private entities this past years has sadly continued, with Glasgow-headquartered engineering specialist The Weir Group disclosing that it has been the target of a “sophisticated attempted ransomware attack” that occurred in the second half of September.
The company reported that its cyber security systems and controls responded quickly to the threat and that it undertook “robust action”.
This action included isolating and shutting down IT systems, including core enterprise resource planning and engineering applications. It said that these applications are now restored on a partial basis, while other applications are being brought back online in a progressive manner in order of business priority.
The attack led to a number of ongoing, but temporary, disruptions including engineering, manufacturing and shipment re-phasing, which has resulted in revenue deferrals and overhead under-recoveries.
Earlier in the month, it also emerged that two individuals had been arrested in Ukraine over suspected ransomware attacks for which ransom demands were set as high as €70 million ($81 million), according to Europol.
The suspects are alleged to be members of an organized crime group “suspected of having committed a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards”, according to the law enforcement agency.
The arrests were made on 28 September during an operation that saw law enforcement search seven properties, resulting in the seizure of $375,000 in cash and two luxury vehicles worth around $250,000.
Assets of $1.3 million in cryptocurrencies have also been frozen, according to Europol.
Europol described the arrestees as “prolific ransomware operators” who were known for making “extortionate ransom demands” that ranged between €5 million ($5.8 million) and €70 million ($81 million).
The attackers deployed malware and stole then encrypted sensitive data, before offering a “decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met”.
Ukrainian police were supported in the investigation by French law enforcement, the FBI, Interpol, and Europol’s Joint CyberCrime Action Taskforce.
Claims set to increase
As this were not enough, a report out this week by Fitch Ratings notes that although the cyber market has been profitable for US property/casualty insurers for several years, recent growing losses tied to network intrusions, phishing incidents and denials of service will likely increase claims volume and average cost per claim going forward.
However, according to Fitch, a negative rating action tied to underwriting losses related to a cyber incident is unlikely, despite recent weaker cyber insurance underwriting performance. As it points out, cyber is less than 5% of most companies’ premium mix, with market share held by larger, well-capitalised insurers that cede material portions of the business to reinsurers.
Continued growth in cyber intrusions and ransomware events may pressure the durability and long-term profitability of the cyber insurance market and insurers’ internal management of cyber threats, it adds, while the growth of risk exposure and rising claims losses have elevated the P&C sector’s standalone cyber direct loss and defence and cost-containment expense ratio to 73% in 2020 from an average of 42% for the previous five years (2015–2019).
The market saw sizable rate increases and tighter terms and conditions in 2021, as some larger writers of cyber insurance reported deteriorating loss experience, the rating agency says, noting that the underwriting and pricing of cyber coverage are challenging due to limited historical policy and claims experience; companies with greater market share and a longer history in cyber have an informational advantage and have fared better than smaller-sized peers.
Fitch adds that favourable pricing momentum is expected to continue in 2022, according to The Council of Insurance Agents and Brokers’ (CIAB) Q2 21 P/C Market Survey, which indicated rising cyber renewal premium rates over the last 18 months, including a 25% increase in Q2 21. However, continued unfavourable claims experience points to higher cyber loss ratios in 2021. Earned premium growth from recent pricing actions will help stabilize results for 2022.
Fitch also notes that ransomware events increased by over 400% over the past two years, according to CrowdStrike Holdings, with the IBM/Ponemon Institute estimating the average total cost of a ransomware breach at $4.62 million.
For more information on the current state of the cyber market, see Fitch’s recent webinar on cyber risk which discusses evolving risk exposures and underwriting activity in the segment.