Few lines have been talked about in recent years much like cyber. In fact, Accenture has predicted a $ 25 billion growth in annual cyber premiums globally by 2025 – or a 500% increase over today's $ 5 billion GWP. Demand has never been higher. Nor have prices. And society continues to digitize rapidly. But is it really that simple for cyber insurance companies that these factors make them stand out?
To reverse the saying: with great reward comes great risk. So while cyber promises guarantees both attractive scale and attractive margins, it can easily be their biggest challenge ever from a product perspective. The exposures are new and complex. The ghost of catastrophic loss casts a shadow on the book. And volatility threatens to stifle the market.
Cyber stands at a crossroads, but there is a profitable path to growth ̵
Drawing Tomorrow's Hyperconnected Cloud Economy
Like everyone who stands at a crossroads, the first question cyber insurers need to ask themselves is why. Why cyber insurance?
Centuries ago, our transition from local trade to international trade was taken out by insurers – providing the necessary insurance for individuals to engage in the global economy, free from the risk of losing everything. Today, our societies are undergoing similar monumental changes, as the physical economy turns into a digital one. Valuable loads are delivered not only to remote physical locations but also to virtual ones.
For that reason, the digital economy needs a strong cybersecurity insurance sector in the same way as the physical economy needed to guarantee shipping. Cyber insurance not only provides a safety net for individual companies on the wrong side of a cyber attack, it promotes inclusion in the digital economy more generally — something that will surely help, not hinder, our attempts to solve the biggest problems we face as a species. And that need is already apparent today.
Cyber incidents have increased in recent years, including ransomware, hacking and denial-of-service attacks, many of them carried out via phishing techniques. Ransomware in particular has seen an escalation in both frequency and severity, inflated by perverse ransomware-as-a-service models and new attack methods such as double blackmail. Catalog
Source: Unit 42 Ransomware Threat Report 2021 (Palo Alto), SonicWall Cyber Threat Report 2021, Business Insider; data on redemption sizes only apply to the USA, Canada and Europe
Cyber risk was long considered a niche problem that only the world's largest companies face. But its potential to influence smaller players has come into sharp focus during the COVID-19 pandemic, and it is without a doubt the biggest systemic threat. If the future is a "Cyber Wild West", then the survivors will be big companies, not small companies.
Smaller companies have already proved less well prepared to deal with a remote workforce and the increasing cybersecurity issues that entail. By 2020, around 40% of UK medium-sized companies (50-250 employees) were duly aware that their cyber risk had increased since the start of the pandemic (GlobalData). And the long-term trend towards teleworking – and thus access to remote systems – will only continue.
The future is truly a one-way street for all the basics of cyber risk. The manual folds for digital, 4G to 5G, Internet of Things to Internet of Everything. More and more data is flooding into the cloud. Corporate insurance companies also play their part here, writing indirect cyber impacts – including property damage and liability – out of standard policies and leaving them nasty. In a future with autonomous vehicles, factories and logistics, this "silent cyber" exposure is beginning to look particularly frightening to smaller players.
Cyber Insurance and the Hard Market Process
Given these growing risk factors and the potential for insurance companies to appeal to them, it is hardly surprising that interest in cyber insurance coverage has swelled. However, losses have swelled even faster, exceeding premiums and prompting major price adjustments, especially in the United States.
While the average payout on a US stand-alone cyber insurance was $ 140,000 in 2019, this had gone 150% to $ 350,000 by 2020 (Fitch rating). Continued heavy claims have pushed the books further into the red in 2021, with various major players now reducing their exposure – making it difficult to arrive at new cyber risks.
The result, as in most commercial lines at the moment, is a tough market. This is certainly not a bad thing in itself; After all, a healthy market must provide something for both sellers and buyers, and this is evident – unevenly, of course – through the action of the insurance cycle. But what is happening in cyber can really be described as a tough market within a tough market, with price increases developing their very own momentum.