Cyber liability policyholders who have seen sharp increases in insurance costs and cuts in coverage over the past two years are seeing rates stabilize or fall, experts say.
New players in the cyber insurance market have added additional capabilities and insurers have insisted on improved cybersecurity as a condition of coverage, they said during interviews at the Risk & Insurance Management Society Inc.’s Riskworld annual conference in Atlanta last week.
But ransomware remains a threat, with attacks increasing this year, they said.
“The market is in a state of stabilization right now. And when we look at prices, generally speaking, we’re talking about minus five to plus five,”
; said Stephanie Snyder Frenier, senior vice president, business development leader-professional and cyber solutions, at CAC Specialty in Chicago.Increased capacity and improved cybersecurity are driving cyber speeds down, said Joe Peiser, New York-based head of commercial risk solutions, North America, at Aon PLC. Aon saw cyber liability rates fall 8% in the first quarter and expects rates to fall 15% to 25% in future renewals, he said.
“We’re seeing a leveling out of the market and price picture right now. Capacity has stabilized,” said Rich DePiero, New York-based vice president and head of Sompo Pro, a unit of Sompo International Holdings Ltd.
Additionally, policyholders can build larger coverage towers with lead lines expanding to $10 million from $5 million.
“We started to see a slowdown in rate hikes in the third quarter of last year,” New York said–based Meredith Schnur, leader of cyber brokerage, US and Canada, at Marsh LLC. “As we turned the corner to 2023, increases averaged 20% to 30%, and now, in the first quarter, new data shows an average rate increase of 11%.”
The slowdown follows two to three years of significant rate hikes and new capacity additions, she said.
After major cyber losses in 2020 and into 2021, rate increases in 2021 and 2022 were “as steep and as drastic as I’ve seen in any industry,” said Mario Vitale, New York-based president of Resilience Cyber Insurance Solutions LLC.
But cyber liability has a shorter tail than many other lines of liability because losses are driven by issues such as ransom demands, business interruption and loss of data, he said. As a As a result, insurers may see 2022 as a more favorable year from a claims perspective, he said.
– Conditions have softened. We really noticed that last November,” said Bobby Bianconi, Hartford, Conn.-based head of US technology and cyber at Aspen Insurance Holdings Ltd.
Better security
Policyholders and insurers are integrating cybersecurity efforts with risk transfer considerations, Mr. Vital.
Many companies are implementing suggestions from insurers on how to improve cyber security, said New York-based Dan Frusciano, head of cyber underwriting, global risk solutions North America, at Liberty Mutual Insurance Co.
“They’re making the right investments in the tools to really protect what’s important,” he said. For example, policyholders are better informed about the assets they need to protect, what security patches they need to apply and educate employees about cyber risks.
In addition to lower premiums, policyholders with improved cybersecurity get better terms, such as removing coinsurance requirements for ransomware risks, Frusciano said.
“Boards see cyber coverage as kind of a belt and braces — a necessary thing — but your CFOs are looking more at the value proposition given that premiums are so expensive,” said Carey Almond, Atlanta-based director of corporate insurance at Colonial Pipeline Co. ., during a cyber session at the conference.
Alternative capacities are also entering the market. Marsh LLC has seen a 75% increase in the number of inmates under supervision writing cyber over the past two years.
Ellen Charnley, Las Vegas-based CEO of Marsh Captive Solutions, said Marsh will launch a custom cyber vehicle specifically for captive owners to access reinsurance in a few weeks.
The addition of cyber reinsurance capacity through insurance-linked securities could also expand the market, said Snyder Frenier of CAC Specialty. Beazley PLC and Hannover Re SE announced cyber ILS deals earlier this year.
A disadvantage for policyholders is that some insurers are introducing the war exclusion devised by Lloyd’s of London, which, among other things, prevents cover for major cyber attacks by nations or state-sponsored cyber criminals.
Many insurers in the U.S. are sticking with existing war exclusions with a cyber-terrorism backlog to maintain some coverage and increase their market share as a result, Snyder Frenier said.
Changing risks
While ransomware attacks still occur, policyholders can more often recover their data from their backup data storage facilities and avoid paying ransoms, Mr. Frusciano of Liberty Mutual.
But the nature of the risks is changing, Snyder Frenier said. For example, ransomware attacks initially targeted personally identifiable information held by companies, but now more often target confidential company information.
The cyber risk management environment is changing rapidly due to increasingly sophisticated cyber attacks, said Mr. Vitale of Resilience. Unlike in real estate risk management, where highly protected risks remain stable, cyber security needs constant monitoring, he said.
There has also been a significant increase in ransomware claims this year, with some in March and April involving large ransoms, Marsh’s Schnur said.
Generative AI like ChatGPT also increases cyber risk, Snyder Frenier said. Few organizations have corporate policies for the use of AI, which can expose them to the loss of confidential information if employees enter it into ChatGPT as part of a work project.
“We’re starting to see the use of AI to just increase the ability of bad guys to move quickly and enhance their abilities,” Mr. Frusciano.
Claire Wilkinson contributed to this report.
Source link
