The cyber insurance market is no longer the fresh-faced kid on the block. Over the past 24-months, a dramatic rise in the frequency and severity of cyber events worldwide – in particular, those involving ransomware – has forced the market to “mature quickly,” according to Tim Zeilman (pictured), global cyber product owner at HSB, a Munich Re company.
“We are definitely in a hard market when it comes to cyber,” said Zeilman. “The conditions are quite different than what we saw two years ago, and in fact, the entire prior history of cyber insurance. What we had seen prior to 2019/2020 was an environment where there were lots of competitors and [capacity] rushing in. It seemed like you almost couldn’t lose money, and cyber insurance trends only ran in one direction – towards lower rates and broader coverage.
“It’s a very different story today. What we see now, and what we’ve seen for the last year or so, is an environment in which carriers across the board are taking rate – sometimes double- or triple-digit rate increases depending on the segment of the market. That rapid expansion of coverage driven by competition in the marketplace, has really slowed down quite a bit.”
Insurance carriers started exhibiting hard market behaviours in 2020 after a dramatic surge in ransomware events in 2019 – a surge that, unfortunately, has not yet abated almost two years later. And during that two-year period, the sophistication of hackers has grown, and the success of ransomware as a business model has exploded.
During the same time period, there has also been a fairly dramatic rise in various kinds of business funds transfer and financial payment fraud. These issues have slipped somewhat under the radar slightly, according to Zeilman, because the ransomware epidemic has drowned out discussion of other loss trends, but they have also contributed to the quick maturation – and hardening – of the cyber marketplace.
“Cyber insurers have reacted to these loss trends using traditional underwriting tools,” Zeilman told Insurance Business. “For example, they’re re-evaluating their rates, looking at their loss experience to see how much they need to increase rates to return to profitability (if they’ve had a profitability problem, which some carriers have).
“They’re also tightening terms on coverages, lowering limits (there are a lot of carriers in the marketplace today that are offering a maximum limit that’s significantly lower than it was a year or two ago), and they’re imposing sub-limits, particularly with respect to coverage for ransomware and extortion. We’ve also seen some carriers initiate coinsurance in connection with ransomware losses as well.
“Insurers are also demanding more information when underwriting, so we’re seeing longer and more detailed questionnaires [for applications and supplemental applications]. One of the trends prior to 2019 was a consistent push for insurers to ask fewer questions when underwriting, and that’s now reversed. Carriers now have the leverage to ask more questions, and many are, specifically related to exposures and vulnerabilities that might lead to ransomware attacks.”
Read next: "You can’t defend against all cyberattacks"
These hard market conditions, which are being seen worldwide, have forced cyber insurers to “be a lot more careful,” according to Zeilman, and to be more scrupulous in underwriting, crafting coverage terms and conditions, determining adequate rate, and demanding best-practice risk mitigation controls from insureds.
“I think that’s very positive for the market, and I think that’s the optimistic take from the carriers’ perspective,” he commented. “Cyber insurance has existed since the early 2000s, but I think the last two or three years have really matured the market quite a good deal, and put it on much more solid footing for a sustainable future. We at HSB, and the broader Munich Re organisation that we’re part of, are excited about the future of cyber insurance.
“I think the experiences over the last couple of years have really shown the value of cyber insurance, and I think that value has become more apparent to more parts of the consumer base that might not have really felt that cyber insurance was all that valuable before. So, I think there’s lots of opportunity. I think cyber insurance has a bright future. I’m sure it will continue to evolve, but for the last couple of years, it has proven that it plays a very important role in the insurance marketplace.”