Rising claims threaten to stall cyber insurance market growth as underwriters struggle to price risk

Summary

While the cyber insurance market has been growing rapidly with estimated annual premiums of more than $5B, structural issues may slow or stall growth in the near term if losses begin to exceed premiums. Around 50 companies are reported to have cyber insurance in excess of $500m, and to collectively pay an estimated $250m in premiums. Approximately 200 companies are reported to have cyber insurance policies covering between $200m—$499m, and collectively pay an estimated $900m in premium.

One survey by insurer Hiscox reports that cyber losses amongst a group of 5,569 companies across 8 countries increased 50% in 2019 to $1.8B, even as the proportion of businesses suffering attack fell from 61% to 39%.

As the cost of cyber breaches — particularly ransomware — is increasing exponentially (Hiscox reports that the median cost of all cyber incidents and breaches increased 5x in the US from 2019 to 2020, and 8x in Germany), insurers risk huge losses well in excess of their aggregate premiums collected if several large clients experience expensive breaches. An estimated 40% of cyber insurance premiums are currently passed on to reinsurers, but they are reportedly not deploying more capacity to more cyber risk, which may cause underwriters to slow their growth, despite clearly rising demand.

Report

Analysis

The article rightly calls attention to structural challenges but misses some of the most important ones. We recently discussed the problem of the inaccuracy of cyber risk pricing models used by insurance companies and the discrepancy between the actual economic and financial impact of breaches and companies’ cyber insurance coverage.

As the surge in breach costs are resulting in a rapid rise in claim amounts, insurers profitability is being strained. Importantly, this big increase in claim amounts is occurring even as the true cost of cyber incidents is increasing even more rapidly than headline figures report.

Therefore, the squeeze is on both insurers who are faced with increased ‘direct cost’ claims and the insured breached companies who are faced with increasing indirect costs which insurers will hesitate to reimburse. In this environment, insurers and reinsurers will be loath to increase more capital exposure at current premium prices.

The key to addressing these challenges is twofold: Enterprises need to recognize the necessity of better cyber governance and implement cost effective improvements to their cyber defense posture, and the insurance industry needs to have more accurate cyber risk pricing models, models that only Cyberhedge has transparently proven to have. Without these, the cyber insurance industry overall will continue to struggle to price and supply sufficient coverage, and companies will be increasingly vulnerable to ever widening gap between financial and economic damage caused by attacks and existing coverage that falls well short.

The result is more cases like ISS World where ransomware attacks inflict serious damage on corporate financials that will take a year or more to recover from, in part because losses far exceed any coverage the company may have.

As the structural changes will likely take time, well-executed digital transformation matters more than ever as threats persist. And the divergence in performance between companies that are top-rated in cyber governance and those poorly rated in cyber governance will likely continue.

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website