The cyber insurance market saw large pricing increases in the third and fourth quarters of 2021, according to Marsh’s UK Cyber Insurance Trends Report for 2021.
The increases were driven by the insurance market’s focus on addressing systemic risks within the cyber portfolio, the report said. But efforts to tackle this with exclusionary language have caused further frustration for clients. The ongoing Russia-Ukraine conflict is also creating significant concern that cyberattacks may intensify as the crisis deepens, the report added.
Price increases were especially sharp in the fourth quarter, increasing by triple digits. At the beginning of 2021, more than 90% of organisations that bought insurance through the London market experienced an increase in cyber insurance pricing. By the fourth quarter, that figure rose to 98%.
The report said there are multiple factors driving clients to seek cyber insurance. These include the COVID-19 pandemic and the rapid adoption of remote working technologies, which forced businesses to evaluate (or re-evaluate) their approach to cyber risk in 2020. Increased media coverage around cyberattacks, board-level pressure, and clarity around “silent cyber” risk also led to organisations reviewing their cyber exposures.
The increased technology adoption and the associated heightened cyber risk in recent years has led to a significant increase in insurance buying by power and utilities and manufacturing companies. Purchasing by more traditional buyers, such as retailers and financial institutions, has declined mainly due to capacity reductions and higher rates.
The aviation sector – including airlines, airports, and aviation manufacturers – experienced the most significant limit reductions. Limits dropped by 19%, from a £120 million average in 2020 to £97 million last year. Meanwhile, limits in the communications, media and technology (CMT) sector were down 15%, from a £97 million average in 2020 to a £82 million average in 2021.
According to the report, data breach continues to be main driver of claims in the UK, followed by ransomware incidents. Although data breach attacks have witnessed a slight decline, ransomware events increased again in 2021, the report said. The healthcare industry, CMT companies, and financial institutions drove cyber losses, accounting for 58% of losses between 2015 and 2021.
As a result, insurers are focusing on the controls that organisations have in place to improve their cyber resilience, such as multi-factor authentication, cyber incident response planning and digital supply chain risk management.
“Increased pricing for cyber coverage, lowered capacity, and more stringent underwriting have become consistent trends across the past couple of years, and continued to affect insureds’ cyber programmes in the first quarter of 2022,” Marsh said. “As we look ahead at the rest of the year, we expect to see the cyber insurance market affected by four major trends: underwriting, limits, price and coverage.”