If cyber insurance was a person their young age would seem at odds with the sheer number of momentous events they have experienced during their lifetime. It’s a dichotomy at the heart of cyber insurance – that contradiction between the coverage’s relative youth and tumultuous trajectory.
Discussing the evolution of the cyber insurance market, Christopher Burgess (pictured), director of cyber at Markel International – which is celebrating 10 years of serving the sector – highlighted some of the landmark years in its vibrant and varied calendar. Looking at the formative cyber events that have shaped the last decade, he said, it’s impossible not to mention ransomware.
Ransomware continues to be a game changer for the cyber insurance market, Burgess said, and the majority of cyber claims are still paid out for ransomware losses. The threat has been around for a while but the emergence of cryptocurrency and Bitcoin which has allowed malicious actors to demand traceless payments led to an uptick – culminating in a seminal year during 2017 where it started to spike in both frequency and severity – while its profile was raised by several high-profile incidents, among them WannaCry and NotPetya.
“I think that growth in ransomware drove the market in a couple of ways,” he said. “It required underwriters to upskill significantly to gain cyber knowledge, and it put greater scrutiny around certain controls to help defend against and mitigate the ransomware threat. I think clients suddenly realised the value of cyber insurance during that time and we saw a huge growth in the portfolios of the cyber insurance market globally.
“[…] And as rates increased, which we saw culminating in 2021/2022, clients themselves started to increase their security controls, their IT budgets but also their insurance budgets to buy the cyber coverage they’ve begun to really value as part and parcel of how to protect a company and its balance sheet from cyber attacks. So, I think really drove the market and that stems back to ransomware and when that started to really take off in 2017.”
Twenty-nineteen was another landmark year in the cyber insurance timeline, Burgess said, as it saw the material take-off of double ransomware – where the insured suffers not just having their data encrypted in return for paying a ransom but also facing having that data exfiltrated. That can and has cost clients and insurers more money, driving up claims costs – which is where the corrective market conditions of 2021 and 2022 came from.
“It’s interesting looking back at these seminal years in the ransomware story which have really shaped where we are as a market today,” he said. “NotPetya and WannaCry in 2017 were widespread attacks that took place and are widely acknowledged as nation-state-backed attacks.
“That was a key moment for the market because that started the debate, in my opinion, about war and about war exclusions, and about the extent to which insurers feel comfortable covering certain elements of nation-state attacks. It started that conversation which continued earlier this year with the Lloyd’s bulletin and the requirement to put certain war exclusions into policies.”
The output around this bulletin is work that really started back in 2017 when those questions were first being asked within Lloyd’s, within the wider London insurance community, and around the world. Those pivotal years in the cyber insurance calendar continue to resonate across the cyber insurance sector, he said, and the market as a whole is continuing to see how these will play out in 2023 and beyond.
The development of Markel’s cyber insurance proposition has played out in the context of how the broader cyber landscape has developed – and it will evolve as that landscape continues to change. Examining that evolution, Burgess highlighted the irony that consistency has been the key to navigating the ever-changing sector. In cyber, he said, things are changing constantly which is why providing a consistent offering is such a critical consideration for brokers and insureds alike.
“We’ve had a consistent offering for over a decade now in cyber,” he said. “We’ve never pulled out of writing or insuring a certain industry or a certain territory. We’ve been consistently there for our broker partners and clients, we’ve been consistent in paying claims and we’ve kept a consistent team together.
“Remaining competitive in this market while remaining profitable is quite challenging and there are some competitors we’ve seen in the last decade that are no longer here because of that challenge. Our consistency has been the key to us continuing to achieve that. I often feel we’re spinning quickly because there’s always so much going on internally that we have to do to make sure we keep our position as a market leader in cyber.”
Burgess noted that when Markel’s London Wholesale division first started writing cyber a decade ago, the coverage was still relatively new and so there was little appetite and slow growth in the market. However, he said, in recent years, it recently hit the important milestone of writing over USD $100 million of cyber premium at the Syndicate in London and it’s now well on its way to reaching the USD $200 million mark.
“We’re also on the cusp of releasing our third cyber product at the Syndicate here at Markel in London, which we will do this year,” he said. “I think that will be another big milestone for us in cyber at Markel.”
Looking at the makeup of the market, Burgess highlighted that people coming into the cyber market tend to either hail from a financial lines background, like himself, or be new to the insurance market. Given that the market is still so young and that cyber as a product has only been around since the late 90s, he said, there’s a high value placed on having a skilled, experienced, and dependable team.
“Having a supportive environment where we invest in our people means that our people stay and gain experience and training and expertise,” he said. “And I think brokers do genuinely value that and value the fact that they can get service from that. We’ve expanded our team as the portfolio has grown which has been a big success as it means we can keep servicing that business. Retaining talent and developing the next generation of cyber underwriters is a challenge for the whole market but I like to think that here at Markel, we’re doing our part.”
Insurance Business is looking for the best cyber insurers of 2023. Make your nomination now.
