Research

Insurance Marketplace Realities: Cyber risk

2018 Spring Update on Commercial Insurance in North America

April 12, 2018

Price prediction

  Trend Range
Renewals (with no claim activity or recent incidents): No change or slightly up/down –3% to +5%

Key takeaway

In light of recent large-scale outages, companies should be prepared to demonstrate their resilience, as underwriters are taking a cautious approach to offering system failure and contingent business interruption coverages.

Total cyber renewals for both primary and excess cover are averaging single-digit increases. Insurers have tightened pricing and retention guidelines for companies that have not addressed vulnerabilities. Where organizations have demonstrated increased levels of security and internal policy controls, underwriters have offered premium decreases. Increased competition in the marketplace has also played a factor.

Cyberinsurance uptake and cyberinsurance losses continue to rise.

  • Total cyber premiums are set to climb through 2018. Industry observers expect premiums to reach $10 billion by 2020.
  • Global ransomware and cyber-extortion claims dominated 2017. Resulting costs are estimated to exceed $5 billion, a 15-fold increase in two years. One projection expects ransomware and cyber-extortion costs to rise to $11.5 billion by 2019.
  • Middle market clients (annual revenues below $1 billion) in the low-hazard industry classes continue to see a very competitive marketplace with aggressive pricing and broad policy language, with many carriers seeking to enter the space.
  • There is a steady increase in capacity with new U.S., London, Bermuda and Asian markets providing aggregate limits of up to $600 million in some cases.

Coverage is evolving to cover regulatory risk and gap exposures.

  • The E.U. General Data Protection Regulation (GDPR) is set to go into effect in May 2018. We expect cyber markets to more affirmatively address coverage for regulatory actions stemming from this new regulation.
  • With increased reliance on Internet of Things (IoT) technology on the part of both consumers and industry, we expect increasing gaps in protection from this expanding risk.
  • More markets are looking to address gaps in property, general liability and special crime coverage to include perils arising from cyber exposures, and certain markets are beginning to blend cyber and property coverages. This fact is especially relevant given the increased reliance on IoT and the potential for damage beyond financial loss.

Carriers are growing increasingly sophisticated in their underwriting.

  • Carriers continue to focus on better management of limits deployed on programs, with many offering no more than $10 million on a given placement. Some carriers will consider additional limits, often with significant retentions, on a case-by-case basis.
  • Insurers are exploring data analytics partnerships with insurtech and fintech firms in an effort to gather and optimize exposure data, allowing underwriters to assess how organizations and their employees handle sensitive data. Overall, underwriters want to better understand organizational cyber culture, particularly in cases where organizations are developing holistic approaches to cyber risk across people, capital and technology.
  • Carriers continue to be more accepting of manuscript applications and conference calls in lieu of standard applications. This has led to more competitive pricing due to the increased amount of information provided.