Research

Insurance Marketplace Realities 2019 — Cyber

November 6, 2018

Rate predictions

  Trend Range
Cyber No change or slightly up/down –3% to +5%

Key takeaway

As organizations continue to make substantial investments to strengthen their security and privacy protections through technology and become more vigilant about the human element of cyber risk, they will have further leverage to press on pricing and coverage improvements.

Most cyber renewals for both primary and excess cover are averaging single-digit increases.

  • Insurers have tightened pricing and retention guidelines for companies that have not addressed vulnerabilities.
  • With claim activity or recent incidents, increases may be higher.
  • Where organizations have demonstrated increased levels of security and internal policy controls, underwriters have offered premium decreases. Increased competition in the marketplace has also played a factor as insurers fight to write the better risks.
  • Excess capacity is very competitively priced, often below 60% of the underlying primary rate.

Cyber insurance uptake and cyber insurance losses continue to rise.

  • Total cyber premiums are set to climb through 2018. Industry observers expect global premiums to reach $10 billion by 2020.
  • Global ransomware and cyber-extortion claims dominate headlines. According to Cybersecurity Ventures, 2017 costs are estimated to exceed $5 billion, a 15-fold increase in two years.1 Ransomware and cyber-extortion costs are expected to rise to $11.5 billion by 2019.2
  • Middle market clients (annual revenues below $1 billion) in low-hazard industry classes continue to see a very competitive marketplace with aggressive pricing and broad policy language, as many carriers seek to enter the space.
  • There is a steady increase in capacity, with new U.S., London, Bermuda and Asian markets providing aggregate limits of up to $600 million in some cases.

Coverage is evolving to cover regulatory risk, reputational damage and gap exposures.

  • The E.U. General Data Protection Regulation (GDPR) went into effect in May 2018, and the California Consumer Privacy Act will go into effect in 2020. We have seen cyber markets more affirmatively address coverage for claims stemming from the GDPR and for claims anticipated under the California Consumer Privacy Act.
  • We are seeing the extension of business interruption coverage to include the loss of business income resulting from adverse publicity stemming from actual or even alleged cyber events.
  • More markets are looking to address gaps in property, general liability and special crime coverage to include perils arising from cyber exposures, and certain markets are beginning to blend cyber and property coverages. This fact is especially relevant given the increased reliance on the Internet of Things (IoT) and the potential for damage beyond financial loss.

Carriers are growing increasingly sophisticated in their underwriting.

  • Carriers continue to focus on better management of limits deployed on programs, with many offering no more than $10 million on a given placement. Some carriers will consider deploying additional limits but may require significant retentions to do so.
  • Insurers are exploring data analytics partnerships with InsurTech and FinTech firms in an effort to gather and optimize exposure data, allowing underwriters to assess how organizations and their employees handle sensitive data. Underwriters want to understand an organization’s cyber culture; this can offer opportunities for buyers to differentiate themselves if they are developing holistic approaches to cyber risk across people, capital and technology.
  • Carriers continue to be accepting of manuscript applications and conference calls in lieu of standard applications. This has led to more competitive pricing due to the increased amount of information provided.

Endnotes