Lofty rate increases and high claims volumes have hounded the cyber insurance market over the last few years. Organizations are increasingly exposed to cyber threats with more digital interconnectivity than ever before. In response, insurers have calibrated their pricing to reflect the high potential of attacks. But brokerage giant Marsh sees a cause for cautious optimism as it looks ahead to the rest of the year.
In its Q2 2022 US and Canada cyber market update, Marsh said that rate increases were leveling off.
Attritional losses have come under better control, and premium growth exceeded incurred losses, thanks to companies that have worked hard to fortify their cyber defenses.
“Over the past two to three months, we have noticed a flattening of premium increases from the high of 130% [average rate increase] in December to May at 86%. That has consistently lowered since January,” Meredith Schnur, the US and Canada cyber brokerage leader at Marsh, told Insurance Business.
Behavioural changes in the market are also contributing to rate stabilization. “Over the past 60 days, we’ve seen the competition on certain risks increase. For all of 2021, we had to fight for one option, let alone multiple options for a client,” Schnur added.
New entities in the space and increased competition would occur as underwriters become more confident about pricing cyber coverage, which would help overall rates stabilize, the Marsh report said.
But claims volume could undercut some of the gains. Marsh said the frequency and severity of claims reported by its clients were persistently high in the past few quarters. Healthcare firms were among the most targeted in 2021, and along with communications, media, and technology companies made up almost a third of total claims. Pricing pressures would continue as more industries fall prey to cyberattacks, according to the Marsh report.
“The market cycle for cyber [insurance] has shown a much sharper pivot than any of our other professional or financial lines,” Schnur observed.
“We must be cautiously optimistic about learning and using our data insights and behavioural analysis because of the nature of the market.”
Despite the challenges in the market, demand for cyber coverage is still climbing. Marsh said the trend of increase in first-time buyers in the US continued last year, with the take-up rate – the overall percentage of clients that bought cyber insurance – increasing to 50% from 47% in 2020.
Canada likewise saw a considerable increase in first-time buyers. The overall number of Marsh’s clients that purchased cyber coverage was more than 20% last year versus less than five percent in 2014. However, the Canadian market faces significant challenges when it comes to capacity.
“The nature of the cyber insurance market in Canada makes it more challenging to put programs together. Building a robust program takes a lot of effort; couple that with the market environment, and there’s a bit more challenge in procuring larger programs,” Schnur noted.
The relatively short history of cyber threats and fast-evolving risks in the space still make it an arduous task for underwriters to understand the frequency and potential cost of massive attacks. While this uncertainty remains, companies that pass high cyber-hygiene standards will reap the rewards in their insurance coverage.
“It's a journey, and the journey never ends because there's always going to be a new threat vector. No organization has a crystal ball. The focus on resiliency is where the underwriters want to see the change,” said Schnur.
However, strong cyber hygiene isn’t necessarily a guarantee that companies will get some relief from rate increases. The Marsh report found that clients with no losses and good cyber controls still saw their premiums rise, and companies that haven’t done the work to hit the minimum requirements saw more expensive premiums and restrictive terms and conditions.
Schnur acknowledged that though some industry classes have had a slower, tougher time upgrading their cyber risk strategies, some organizations have made massive improvements.
“We're seeing the amount of work that many of these organizations have put into increasing their cyber hygiene, from a security and resiliency perspective. A year ago, they were at Ground Zero, and it would have been very difficult for us to procure coverage. Fast forward a year, and you can see the roadmap they've built for themselves and their organizations,” she said.
“It's a positive story. Are [the companies] where they need to be? No, not yet. But we show a good story to the underwriters of how they've gotten from point A to point B.”
